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DIRECTOR’S  FOREWORD 

Computing  and  standards  are  woven  into  the  structure  of  our  modem  society 
and  economy.  Two  national  studies  done  in  1992,  one  by  the  National  Re- 
search Council  (NRC)  on  computing  as  a discipline,  and  one  by  the  Ofllce  of 
Technology  Assessment  (OTA)  on  the  development  of  international  standards, 
point  up  the  importance  of  both  computing  and  standards  to  our  future 
economic  well-being. 

Organizations  of  all  sizes  depend  upon  computers  to  keep  records,  simulate 
complex  situations,  design  products,  control  equipment,  and  solve  comput- 
ational problems.  Computing  the  Future,  the  NRC  study,  cites  the  exceptional 
progress  that  has  been  made  In  achieving  small,  fast,  light,  and  inexpensive 
components  and  in  advancing  computing  power  and  use.  Continued  progress 
in  computing  wUl  depend  on  addressing  stmctural  and  funding  issues,  as  well 
as  sustained  work  in  multiple  processors,  data  communications  and  network- 
ing. computer  security,  software  engineering,  information  storage  and  manage- 
ment. computer  reliability,  and  user  interfaces. 

According  to  the  OTA  study.  Global  Standards,  Building  Blocks  for  the  Fu- 
ture, standards  affect  our  lives  in  many  ways,  but  the  process  for  setting  stand- 
ards may  not  work  as  well  as  it  should.  The  U.S.  has  a big  stake  in  the 
effectiveness  of  the  standards  process  as  more  and  more  Industries  become  de- 
pendent on  trade,  and  as  organizations  become  more  dependent  upon  tech- 
nology. OTA  says  that  there  is  a clear  need  to  pay  greater  attention  to 
standards  in  an  information-based  global  economy. 

The  Computer  Systems  Laboratory  (CSL)  at  the  National  Institute  of  Standards 
and  Technology  works  at  the  intersection  of  computing  and  standards.  We  are 
responsible  for  developing  standards,  guidelines,  and  test  methods,  and  for  pro- 
viding research  and  technical  assistance  on  computer  and  related  telecom- 
munications systems. 

CSL  is  an  active  participcmt  in  the  development  of  national  and  international 
standards,  and  collaborates  with  the  industry  consortia  that  have  formed  to 
promote  open  systems.  CSL  encourages  the  development  of  off-the-shelf  pro- 
ducts and  services  that  will  serve  the  needs  of  users  everywhere,  not  just  those 
in  the  federal  government.  This  report  details  selected  standards,  technical 
assistance,  and  research  efforts,  many  of  which  were  carried  out  in  conjunction 
with  industry,  users,  and  other  governments. 

We  were  pleased  to  have  contributed  to  TRIP  ’92  (Transcontinental  Inte- 
grated Services  Digital  Network  [ISDN]  Project)  which  marked  the  start  of  stand- 
ard ISDN  services  across  the  country.  First  developed  about  ten  years  ago  but 
not  widely  Implemented,  ISDN  integrates  voice,  data,  and  image  transmissions 
over  a single  user  connection  using  the  existing  telecommunications 
infrastructure. 


TRIP  ’92  successfully  demonstrated  the  implementation  of  national  and  inter- 
national standards  for  ISDN  in  accordance  with  specifications  developed  by 
Bellcore.  Co-sponsors  were  the  Corporation  for  Open  Systems  and  the  North 
American  ISDN  Users  Forum  (NIUF),  a consortium  that  CSL  organized  under  a 
Cooperative  Research  and  Development  Agreement  with  exchange  carriers,  in- 
terexchange carriers,  customer  premises  equipment  suppliers,  and  users.  Na- 
tionwide open  houses  showed  ISDN  applications,  including  video  conferencing, 
desktop  conferencing,  and  file  and  screen  sharing,  to  industry  and  government 
organizations. 

During  the  past  year,  we  established  a Memorandum  of  Understanding  with 
the  Communications  Security  Establishment  of  Canada  to  cooperate  in  future 
projects  for  computer  security  systems  evaluation,  standards  development,  and 
validation  activities.  1 believe  that  both  the  U.S.  and  Canadian  governments 
will  benefit  from  the  joint  development  of  technical  solutions  to  common  infor- 
mation security  problems. 

Progress  was  made  in  the  implementation  and  integration  of  standards  that 
support  the  Computer-aided  Acquisition  and  Logistic  Support  (CALS)  project  of 
the  Department  of  Defense  (DoD).  Applications  that  meet  CALS  requirements 
are  becoming  commercially  available.  The  CALS  project  is  concerned  with  the 
generation,  access,  management,  maintenance,  distribution,  and  use  of  technical 
data  used  for  the  design,  manufacture,  and  support  of  complex  weapons  systems. 

The  Year  Ahead  We  win  continue  to  support  the  development  of  standards  and  technology  to 
protect  information  from  unauthorized  modification,  undetected  loss,  and  un- 
authorized disclosure.  Our  cooperative  project  with  the  National  Security 
Agency  (NSA)  is  expected  to  result  in  a new  federal  standard  for  specifying  com- 
puter security  requirements  in  open  systems  environments.  This  work,  which 
draws  on  the  current  Trusted  Computer  System  Evaluation  Criteria  ( Orange 
Book)  developed  by  NSA,  will  make  it  easier  for  users  to  specify  the  level  of 
security  needed  to  protect  data  integrity  and  confidentiality  and  to  assure 
system  availability. 

Several  planned  standards  for  cryptography  are  on  our  agenda:  review  of 
Federal  Information  Processing  Standard  (FIPS)  46-1,  Data  Encryption  Stand- 
ard, for  reaffirmation  or  modification:  completion  of  standards  for  secure  mes- 
sage digests,  for  digital  signatures,  and  for  the  implementation  of  cryptographic 
modules  in  computer  systems. 

The  High  Performance  Computing  and  Communications  Program  being 
coordinated  by  the  Office  of  Science  and  Technology  Policy  will  continue  to  be  a 
priority.  Organized  as  an  interagency  activity  in  cooperation  with  industry  and 
academia,  this  program  addresses  national  needs  for  advanced  computers, 
high-capacity  and  high-speed  networks,  and  electronic  data  bases. 

We  expect  to  complete  the  Industry/Govemment  Open  Systems  Specifica- 
tion (IGOSS)  which  will  consolidate  user  requirements  for  computer  networking 
products.  IGOSS  is  being  developed  in  conjunction  with  the  Canadian  govern- 
ment. the  World  Federation  of  MAP /TOP  Groups,  and  the  electric  power  in- 
dustry and  will  enable  major  user  groups  with  significant  purchasing  power  to 
speak  to  the  vendors  with  one  voice. 


Standards  and  Users 


Standards  are  essential  to  the  computer  industry  which  is  dependent  on  trade. 
Standards  are  equally  important  to  users  for  reducing  risks  and  adapting  to 
technological  change.  Personal  computers,  networks,  workstations,  software 
packages,  and  other  changes  in  computing  technology  have  stimulated  user  re- 
quirements for  interoperability  (ability  for  heterogeneous  systems  to  inter- 
operate) and  portability  (ability  to  move  an  application  from  one  system  to 
another).  Users  would  not  find  PCs  useful  without  standards  for  input/output, 
removable  storage  media,  control  languages,  operating  systems,  subroutines, 
utilities,  software,  and  printer  interconnections. 

But  standards  are  not  always  available  to  meet  user  requirements.  Because 
of  the  rapid  pace  of  technological  change,  the  standards  process  has  become 
complex,  fragmented,  and  slow.  The  technology  may  have  changed  before  a 
standard  is  completed,  making  it  too  late  for  implementation  in  products. 

Standards  are  produced  at  different  levels  of  abstraction  and  are  difficult  for 
users  to  integrate  into  coherent  systems.  Products  implementing  abstract 
standards  may  be  incomplete  and  require  extensive  testing  to  assure  interwork- 
ing with  existing  products  and  systems. 

Internationally  accepted  standards  are  the  ultimate  goal  for  both  users  and 
vendors.  Users  must  continue  to  bring  their  requirements  to  the  attention  of 
vendors  and  other  groups.  Users  should  state  their  plans  for  the  use  of  tech- 
nology and  keep  informed  on  the  progress  of  standards  development.  They 
should  plan  for  the  transition  to  standards  in  their  systems  and  adopt  policies 
to  buy  standards-based  products. 

Until  all  of  the  needed  standards  are  available,  users  may  have  to  comple- 
ment the  voluntary  industry  standards  with  other  specifications,  market  stand- 
ards. and  the  work  of  consortia.  Users  can  develop  reference  models  that 
establish  a context  for  how  different  technologies  required  as  pari  of  an  open 
systems  environment  relate  to  one  another,  and  profiles  that  integrate  stand- 
ards and  other  specifications.  Doing  this  cooperatively  with  other  users  can 
help  to  form  a unified  market  for  standards-based  products. 

Over  the  past  year,  considerable  progress  has  been  made  in  the  application 
of  standards  and  in  user  awareness  of  the  need  for  standards  to  achieve  their 
goals  of  open  computing  systems.  But  there  are  many  challenges  ahead  to  ad- 
vance the  state-of-the-art  of  computing  and  to  make  standards  work  for  the 
users  of  computer  technology  and  for  the  computer  industry. 

I welcome  your  comments  on  our  programs  and  activities  which  are  detailed 
in  this  report. 


ies  H.  Burrows 
frector 

Computer  Systems  Laboratory 
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Computer  Security 


OVERVIEW  OF  THE  COMPUTER 
SYSTEMS  LABORATORY 

A major  research  component  of  the  National  Institute  of  Standards  and  Tech- 
nology (NIST),  the  Computer  Systems  Laboratory  (CSL)  supports  U.S.  industry 
and  government  by  fostering  the  development  and  facilitating  the  commerciali- 
zation of  advanced  computer  and  telecommunications  technologies.  The 
Brooks  Act  (Public  Law  89-306),  the  Computer  Security  Act  of  1987  (Public  Law 
100-235),  and  the  Omnibus  Trade  and  Competitiveness  Act  of  1988  (Public 
Law  100-418)  mandate  CSL’s  programs  and  research  activities. 

In  responding  to  the  requirements  of  government  and  industry,  CSL  focuses  on 
the  needs  of  its  user  constituencies  to  establish  programs  and  priorities  in 
basic  research,  the  development  of  standards  and  test  methods,  and  technical 
leadership  in  computer  and  telecommunications  technologies.  CSL  programs 
strive  to  strengthen  the  competitiveness  of  U.S.  industry  in  the  global  market- 
place and  maintain  America’s  technical  leadership  in  the  vital  information  pro- 
cessing industries.  Government  and  industry  alike  benefit  from  CSL  programs 
which  advance  the  development  of  open  systems,  enhance  the  security  of  auto- 
mated information  resources,  and  promote  the  development  and  use  of  high- 
performance  computer  and  communications  capabilities. 

Users  have  a diversity  of  requirements  which  no  single  vendor  can  supply. 
Meeting  the  various  needs  of  industry  and  government  requires  an  open  sys- 
tems environment  in  which  hardware,  software,  cind  telecommunications  pro- 
ducts interoperate.  Through  cooperative  efforts  with  industry,  users,  and 
voluntary  industry  standards  organizations,  CSL  supports  the  development  of 
technology  and  standards  for  application  portability,  interoperability,  and  com- 
puting architectures  which  support  open  systems.  As  the  decade  advances, 
more  commercial,  off-the-shelf  products  are  becoming  available  to  meet  user 
needs  to  move  data,  appheations.  and  people  skills  from  one  system  or 
environment  to  another. 

As  open  systems  and  networks  proliferate,  users  want  assurance  that  valuable 
information  resources  are  protected  from  disclosure,  destruction,  or  loss.  The 
Computer  Security  Act  of  1987  strengthened  and  reaffirmed  CSL’s  role  in  pro- 
tecting vital  data  in  federal  computer  systems  and  networks.  Our  computer 
security  program  focuses  on  the  development  of  standards  and  guidelines  to 
federal  agencies  and  industry,  computer  security  awareness  and  training  activi- 
ties for  users  and  managers,  publications,  conferences,  and  sponsorship  of  the 
Federal  Computer  Seeurity  Program  Managers  Forum  and  the  Computer 
System  Security  and  Privacy  Advisory  Board  established  by  the  legislation. 
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CSL’s  laboratory-based  research  program  supports  and  complements  its  stand- 
ards activities  and  technical  assistance  to  the  public  and  private  sectors.  Re- 
search endeavors,  often  in  collaboration  with  industry  or  in  support  of  other 
federal  agencies,  include  diverse  computer  and  communications  areas  such  as 
data  management,  software  engineering,  information  security,  network  architec- 
tures, and  advanced  systems  such  as  Integrated  Services  Digital  Network 
(ISDN).  The  development  of  test  and  measurement  methods  to  evaluate  con- 
formance of  products  to  standards  remains  a significant  part  of  our  research 
program.  Six  patent  applications,  currently  pending,  resulted  from  CSL 
research  this  year.  Transferring  technology  to  government  and  industry 
completes  the  research  cycle. 

Each  year  many  organizations  ask  for  CSL’s  advice  and  assistance  in  providing 
technical  solutions  to  complex  computer  and  telecommunications  problems.  In 
1992,  we  collaborated  with  44  government,  industry,  and  academic  institutions 
in  formal  cooperative  research  projects.  Our  ongoing  workshop  efforts  con- 
tinued, including  the  Open  System  Environment  (OSE)  Implementors’  Work- 
shop (OIW),  the  Applications  Portability  Profile  (APP)/OSE  Users’  Forum,  and 
the  North  American  ISDN  Users’  Forum.  Many  other  informal  interactions  with 
government  and  industry  partners  involved  the  sharing  of  equipment  or  exper- 
tise. These  cooperative  arrangements  benefit  all  parties  involved  and  signifi- 
cantly speed  the  commercialization  of  new  products  and  emerging  technologies. 

CSL  is  organized  into  five  technical  divisions:  Information  Systems  Engineer- 
ing Division,  Systems  and  Software  Technology  Division,  Computer  Security  Di- 
vision, Systems  and  Network  Architecture  Division,  and  Advanced  Systems 
Division.  Our  professional  staff  consists  of  computer  scientists,  computer  spe- 
cialists, electrical  and  electronics  engineers,  and  mathematicians.  Staffing  re- 
sources in  FY  1992  included  241  full-time-equivalent  employees  of  which  75% 
were  professional  and  technical  staff  and  25%  were  administrative  support  per- 
sonnel. In  addition  to  CSL  staff,  about  31  research  associates,  guest  scientists, 
and  faculty  appointments  enhanced  our  research  program. 

Funding  for  CSL  programs  in  FY  1992  consisted  of  $12.4  million  from  the 
NIST  Congressional  appropriation  (STRS),  including  $.7  million  in  NIST-sup- 
ported  competency  funding  and  $18.2  million  in  reimbursable  funds,  mostly 
for  direct  technical  assistance  from  other  federal  agencies.  About  37  organiza- 
tions in  government  and  industry  received  reimbursable  technical  support  from 
CSL  in  FY  1992.  The  Department  of  Defense,  the  General  Services  Administra- 
tion, and  the  Department  of  the  Treasury  are  representative  of  federal  agencies 
that  utilized  our  resources  to  solve  technical  problems. 
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A primaiy  goal  of  our  organization  is  the  sharing  of  information  and  technology 
with  government,  business,  academia,  and  the  public.  CSL  publishes  a variety 
of  documents  including  Federal  Information  Processing  Standards  (FIPS)  and 
guidelines:  special  publications  series  focusing  on  computer  systems,  computer 
security,  and  ISDN:  technical  interagency  reports  on  research  and  tests:  a quar- 
terly CSL  newsletter:  and  a CSL  bulletin  series  published  about  eight  times  a 
year  on  topics  of  interest  to  the  information  systems  community.  See  the  Tech- 
nology Transfer  section  for  a list  of  FIPS  and  other  publications  currently  availa- 
ble for  sale  through  the  Government  Printing  Office  (GPO)  or  the  National 
Technical  Information  Service  (NTIS).  A variety  of  conferences  and  workshops 
are  sponsored  and  hosted  by  CSL  throughout  the  year,  and  our  staff  members 
address  many  federal  and  private  organizations  each  year. 

CSL  maintains  four  electronic  bulletin  boards  to  share  information  with 
computer  users  with  dial-up  capability.  Bulletin  boards  offer  information  on 
computer  security,  data  management.  Open  System  Interconnection  (OSI) 
activities,  and  Integrated  Services  Digital  Network  (ISDN).  Instructions  for  ac- 
cessing bulletin  boards  appear  in  Technology  Transfer. 

Technical  highlights  of  our  five  divisions  follow. 
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Data  Administration 


INFORMATION  SYSTEMS 
ENGINEERING  DIVISION 

The  Information  Systems  Engineering  Division  develops  standards  and  pro- 
vides technical  assistance  to  government  and  industry  in  data  administration, 
data  management  technology,  computer  graphics,  and  software  standards 
validation. 

CSL  expanded  its  support  to  the  voluntary  standards  efforts  concerning  the  In- 
formation Resource  Dictionary  System  (IFiDS),  both  at  the  American  National 
Standards  Institute  (ANSI)  level  and  at  the  International  Organization  for  Stand- 
ardization (ISO)  level.  The  development  of  the  final  two  modules  for  the  ANSI 
IRDS  was  completed  this  past  year,  and  work  is  underway  on  the  development 
of  the  next  generation  of  the  standard,  known  as  IRDS2. 

CSL  assumed  several  leadership  roles  in  the  development  of  the  new  stand- 
ard. including  chairmanship  of  an  IRDS  technical  subcommittee,  editorship  of 
the  IRDS2  requirements  document,  and  U.S.  International  Representative  to 
the  ISO  IRDS  committee.  Development  efforts  on  IRDS2  focus  on  utilizing  the 
IRDS  as  a mechanism  to  integrate  the  results  produced  through  the  use  of 
Computer-Aided  Software  Engineering  (CASE)  tools  throughout  an  application 
system’s  life  cycle.  CSL  is  concentrating  its  efforts  in  coordinating  ANSI  and 
ISO  IRDS2  development  work  so  that  the  final  standards  specifications  are  in 
agreement. 

Also  initiated  was  the  development  of  two  new  Federal  Information  Pro- 
cessing Standards  (FIPS)  for  activity  and  data  modeling.  The  FIPS  are  being 
developed  in  conjunction  with  user  groups  for  the  software  modeling 
methodologies. 

CSL  maintained  working  agreements  with  the  Department  of  Education,  the 
Environmental  Protection  Agency,  the  Internal  Revenue  Service,  and  the  De- 
partment of  Defense  (DoD)  in  areas  such  as  tool  integration,  establishment  of 
data  administration  policy  for  an  organization,  and  integration  of  modeling 
methodologies.  In  aU  of  these  interactions.  CSL  seeks  to  ensure  that  organiza- 
tions take  maximum  advantage  of  standards  that  facilitate  open  systems 
environments. 

In  recognition  of  significant  contributions  In  data  administration,  NIST  re- 
ceived the  first  Data  Administration  Management  Association’s  (DAMA)  Com- 
pany Achievement  Award  at  the  annual  DAMA  Symposium  which  CSL 
cosponsors.  This  year’s  theme.  Data  Administration  - A Value-Added  Service, 
emphasized  the  ideas  and  technologies  that  deliver  clearly  visible  value  to  the 
customers  of  data  administration. 
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Division  researchers  participated  in  the  development,  coordination,  and  ap- 
proval of  a major  extension  to  national  and  international  standards  for 
Database  Language  SQL.  The  extended  standard,  known  as  SQL  1992,  revises 
and  replaces  the  two  existing  1989  specifications  that  were  adopted  as  FIPS 
127-1,  Database  Language  SQL.  Major  additions  include  schema  manipula- 
tion. which  allows  a schema  definition  to  be  changed:  dynamic  SQL,  which  pro- 
vides facilities  for  dynamic  construction  and  execution  of  SQL  statements; 
diagnostics  management,  which  communicates  constraint  violations  and  warn- 
ings to  applications:  connection  management,  which  establishes  and  manages 
SQL  connections;  and  session  management,  which  sets  the  attributes  of  an 
SQL  session.  FIPS  127-1  is  being  revised  to  incorporate  SQL  1992. 

In  an  ongoing  effort  to  help  users  and  vendors  determine  compliance  with 
FIPS  127-1,  Database  Language  SQL,  Version  3.0  of  the  NIST  SQL  Test  Suite 
was  released  in  January  1992,  and  has  been  used  in  SQL  validations  since 
July  1992.  Version  3.0  provides  11  test  suite  types  (interfaces)  including 
embedded  and  module  Language  tests  for  Ada.  C.  COBOL.  FORTRAN,  and  Pas- 
cal plus  Interactive  SQL  tests.  Twenty-six  SQL  Test  Suite  licenses  were  added 
this  fiscal  year.  Since  the  NIST  SQL  Test  Suite  was  released,  over  120  SQL 
Test  Suite  licenses  have  been  purchased  for  all  versions  of  the  test  suite. 
Thirty-two  database  language  processors  were  validated  for  conformance  to 
FIPS  127-1  compared  to  25  the  previous  year. 

Under  an  interagency  agreement.  CSL  continued  its  assistance  to  the  DoD 
Computer-aided  Acquisition  and  Logistic  Support  (CALS)  project  in  the  applica- 
tion of  SQL  and  other  data  management  standards  to  CALS  requirements.  NIS- 
TIR  4780,  Guide  for  Specifying  and  Building  Cms  with  Data  Management 
Standards,  and  NISTIR  4902,  Database  Language  SQL:  Integrator  of  CALS  Data 
Repositories,  resulted  from  these  efforts.  CSL  also  provided  support  to  the 
Defense  Advanced  Research  Projects  Agency  (DAF?PA)  for  object  database  technology. 

A research  project  in  hypertext/hypermedia  completed  its  fourth  year  in  col- 
laboration with  the  Systems  and  Software  Technology  Division.  The  laboratory- 
based  research  is  carried  out  in  the  Multimedia  Systems  and  Database 
Laboratories.  Through  talks,  workshops,  and  publications,  project  members 
shared  knowledge  and  experience  in  the  integration  of  hypertext  technology 
with  expert  systems,  database,  graphics,  and  publishing. 

Developed  in  cooperation  with  industry  and  other  federal  agencies,  especially 
the  Department  of  the  Interior,  FIPS  173,  Spatial  Data  Transfer  Standard 
(SDTS),  was  approved  for  use  by  federal  agencies.  The  standard  provides  speci- 
fications for  the  organization  and  stnjcture  of  digital  spatial  data  transfer,  defi- 
nition of  spatial  features  and  attributes,  and  data  transfer  encoding.  FIPS  173 
will  facilitate  the  transfer  of  digital  spatial  data  between  dissimilar  computer 
systems. 

Also  approved  was  FIPS  177,  Initial  Graphics  Exchange  Specification  (IGES). 
The  new  standard  vdll  enable  federal  agencies  to  use  more  effective  and  produc- 
tive computer-aided  design  and  computer-aided  manufacturing  (CAD/CAM) 
techniques. 

Activities  in  support  of  conformance  testing  for  graphics  standards  included: 
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Software  Standards 
Validation 


CSL  conducted  seven  validations  and  issued  seven  certificates  of  conform- 
ance for  FIPS  120-1,  Graphical  Kernel  System  (GKS),  to  assist  federal  agencies 
in  acquiring  GKS  software  that  conforms  to  the  standard. 

Version  2 of  the  Programmer’s  Hierarchical  Interactive  Graphics  System 
(PHIGS)  Validation  Test  Suite  was  completed  in  1992.  NISTIR  4953,  User's 
Guide  for  PHIGS  Validation  Tests  (Version  2),  describes  the  conformance  testing 
process  in  detail.  A PHIGS  Testing  Service  began  October  1,  1992. 

A Computer  Graphics  Metafile  (CGM)  Testing  Service  to  determine  conform- 
ance to  FIPS  128,  CGM,  and  the  CALS  Application  Profile  (MIL-D-28003)  was 
established.  CGM  Generator  Conformance  Tests  were  developed  and  beta 
tested.  A CGM  Generator  Testing  Service  started  on  November  1,  1992. 

As  the  Registration  Authority  for  ISO  Registration  of  Graphical  Items,  CSL 
developed  the  ISO  Register  which  currently  has  16  Linetypes,  19  Hatchstyles, 
25  Escapes.  26  Marker  Types,  and  4 Generalized  Drawing  Primitives.  To  date 
14  copies  of  the  ISO  Register  have  been  licensed. 

Testing  programming  language  compilers  for  conformance  to  FIPS  continued  to 
be  an  important  service  provided  by  CSL.  In  addition  to  existing  validation 
services  for  programming  languages  COBOL  (FIPS  21-3),  FORTRAN  (FIPS  69- 
1).  Pascal  (FIPS  109).  MUMPS  (FIPS  125),  and  Ada  (FIPS  119),  CSL  established 
a new  validation  service  for  the  programming  language  C (FIPS  160).  A new 
publication,  NIST  Special  Publication  500-203,  Conformance  Test  Specifications 
for  COBOL  Intrinsic  Function  Module,  describes  conformance  testing  for  FIPS  21-3, 
Programming  Language  COBOL. 

FIPS  172,  VHSIC  Hardware  Description  Language  (VHDL),  was  approved  in 
1992  for  federal  agency  use.  The  new  standard  promotes  the  portability  of 
VHDL  programs  for  use  on  a variety  of  data  processing  systems. 

During  FY  1992.  programming  and  database  validation  services  were  pro- 
vided to  45  private-sector  companies  and  one  government  agency  for  a total  of 
126  validations.  The  total  number  of  programming  and  database  language  pro- 
cessors currently  validated  as  of  September  30,  1992,  is  397. 

CSL  expanded  its  quarterly  Validated  Products  List,  a collection  of  registers 
listing  implementations  that  have  been  validated  for  conformance  to  FIPS.  In 
addition  to  listing  the  validated  programming  language  processors  for  COBOL, 
FORTRAN,  Ada,  Pascal.  C,  MUMPS,  and  database  language  SQL.  the  publica- 
tion includes  lists  of  validated  products  for  Graphical  Kernel  System  (GKS). 
Computer  Graphics  Metafile  (CGM).  Portable  Operating  System  Interface  for 
Computer  Environments  (POSIX),  Government  Open  Systems  Interconnection 
Profile  (GOSIP),  and  Computer  Security.  The  publication  is  now  sold  through 
the  National  Technical  Information  Service  on  a single-issue  or  subscription 
basis. 

To  facilitate  the  worldwide  conformance  testing  effort,  CSL  sponsored  a 6th 
International  Workshop  on  Harmonizing  Conformance  Testing  of  Computer 
Language  Standards.  Experts  from  the  United  Kingdom,  France,  Italy,  Ger- 
many, Japan,  and  the  United  States  participated  in  the  workshop.  The  at- 
tendees researched  common  areas  of  agreement  among  testing  laboratories  and 
certification  authorities  for  harmonizing  validation  testing  activities. 


Application 
Portability  Profile 
(APP)/Open  Systems 
Environment  (OSE) 


The  NIST  POSIX 
Testing  Program 


SYSTEMS  AND  SOFTWARE 
TECHNOLOGY  DIVISION 

This  division  develops  standards  and  provides  assistance  in  software  engineer- 
ing, office  systems  engineering,  and  distributed  systems  engineering  to  federal 
agencies  and  industry  organizations.  Technical  activities  during  1992  included 
the  following: 

CSL  initiated  a revision,  to  be  published  in  1993,  of  NIST  Special  Publication 
500-187,  Application  Portability  Profile  (APP)  The  U.S.  Government’s  Open  Sys- 
tem Environment  Profile  OSE/ 1 Version  1.0.  Known  as  the  APP  Guide,  the  docu- 
ment defines  an  open  systems  environment  (OSE)  framework  by  describing  the 
information  technology  (IT)  services,  protocols,  interfaces,  and  data  formats 
needed  by  the  U.S.  government  to  support  a broad  range  of  federal  applica- 
tions. For  each  of  seven  service  areas  included  in  the  APP,  the  guide  recom- 
mends standards  and  other  specifications  for  federal  agencies  to  use  in 
developing  and  acquiring  computer  systems.  The  APP  Guide  also  impacted 
many  industry  organizations  who  adopted  the  recommended  specifications  in 
their  internal  environments  to  provide  better  management  and  control  of  IT 
resources. 

The  APP  Guide  enables  organizations  to  organize  and  describe  standards 
and  information  technology  specifications  needed  for  portability  of  applications 
software  and  for  development  of  open  systems.  The  Application  Portability  Pro- 
file/Open Systems  Environment  (APP/OSE)  User’s  Forum  met  twice  this  year 
to  provide  a sounding  board  for  users,  vendors,  and  implementors  on  APP/OSE 
issues.  These  forums  promote  interchange  on  OSE  developments  in  the  federal 
government  and  provide  guidance  to  federal  agencies. 

The  NIST  POSIX  Testing  Program,  initiated  in  1991,  continued  to  evaluate  pro- 
ducts for  conformance  to  FIPS  151-1,  Portable  Operating  System  for  Comput- 
ing Environments  (POSIX).  POSIX  facilitates  the  portability  of  application 
software  at  the  source-code  level  between  dissimilar  computer  systems.  Under 
the  testing  program,  products  are  tested  by  one  of  eight  laboratories  accredited 
by  the  National  Voluntary  Laboratory  Accreditation  Program  (NVLAP)  using  the 
NIST  POSIX  Conformance  Test  Suite  for  FIPS  151-1.  CSL  reviews  test  results 
and  issues  Certificates  of  Validation. 

Over  80  products  have  been  issued  a Certificate  of  Validation  since  the  pro- 
gram’s inception.  These  products  are  listed  in  CSL’s  quarterly  Validated  Pro- 
ducts List  and  are  also  available  on  an  electronic  mail  file  server  system.  If  the 
e-mail  message  send  register  is  sent  to  posix:@nist.gov.  a current  register  of  ac- 
credited testing  laboratories  and  validated  NIST  POSIX  products  will  be  re- 
turned via  e-mail  to  the  sending  e-mail  address. 

A revision  to  FIPS  151-1  was  proposed.  The  revision  updates  the  POSIX 
standard  by  adopting  international  voluntaiy  industry  specifications.  When 
the  new  POSIX  standard  is  approved,  a testing  program  similar  to  the  one  for 
FIPS  151-1  will  be  established  for  the  new  FIPS. 
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High  Integrity 
Software 


Integrated  Software 
Engineering 
Environments  (ISEE) 


CSL  continued  its  ongoing  efTort  to  address  the  issues  in  producing  software  for 
use  in  high  integrity  systems,  those  systems  that  must  be  trusted  to  work  de- 
pendably in  some  critical  function.  To  increase  public  awareness  and  share 
potential  solutions,  CSL  sponsored  six  lectures  in  the  second  year  of  its  Lec- 
tures Series  on  High  Integrity  Systems.  Guest  lecturers  provided  insights  on 
software  engineering  practices  for  high  integrity  software,  software  error  predic- 
tion, the  industrialization  of  formal  methods,  the  transfer  of  software  engineer- 
ing technology,  and  the  management  of  risk  in  developing  and  assuring  high 
integrity  software.  The  lecture  series  targeted  federal  and  industry  managers, 
technical  staff,  and  users. 

Under  an  interagency  agreement  with  the  Nuclear  Regulatory  Commission, 
CSL  conducted  a study  of  several  standards,  draft  standards,  and  guidelines 
addressing  high  integrity  software.  The  study  produced  a template  of  criteria  of 
subjects  (e.g.,  life  cycle  issues,  software  engineering  practices,  required  soft- 
ware functionality,  software  assurance  activities,  procurement,  presentation) 
for  comparing  and  contrasting  the  documents.  The  study  concluded  that  no 
single  document  met  all  the  criteria  but  that  a reasonable  framework  could  be 
developed  from  these  documents.  NIST  Special  Publication  (SP)  500-204,  High 
Integrity  Software  Standards  and  Guidelines,  presents  the  results  of  the  study; 
a related  report,  NISTIR  4909,  Software  Quality  Assurance:  Documentation  and 
Reviews,  examines  a software  quality  assurance  standard  written  specifically 
for  the  nuclear  industry. 

CSL  cosponsored  the  Seventh  Annual  Conference  on  Computer  Assurance. 
COMPASS  ’92,  an  annual  event  providing  a forum  for  issues  of  software  safety, 
process  integrity,  and  computer  security. 

CSL  continued  its  series  of  ISEE  workshops  to  develop  a reference  model  and 
tool  interface  specifications  for  fuUy  integrated  software  engineering  environ- 
ments which  support  software  products  and  processes  throughout  the  software 
life  cycle.  The  workshop  works  closely  with  other  programs  in  software  en- 
gineering environments  including  those  of  the  European  Computer  Manufac- 
turers Association  (ECMA),  the  Defense  Information  Systems  Agency  (DISA), 
the  Navy’s  Next  Generation  Computer  Resources  (NGCR),  the  Defense  Ad- 
vanced Research  Project  Agency  (DARPA),  the  Ada  Joint  Program  Office  (AJPO), 
the  International  Workshop  on  Computer-Aided  Software  Engineering  (fW- 
CASE),  the  National  Aeronautics  and  Space  Administration  (NASA),  the  Soft- 
ware Engineering  Institute  (SEI),  the  Institute  of  Electrical  and  Electronics 
Engineers  (IEEE),  and  industry  efforts.  CSL  and  ECMA  published  a joint  NIST 
SP  500-201,  Reference  Model  for  Frameworks  of  Software  Engineering  Environ- 
ments Technical  Report.  CSL  will  continue  the  harmonization  of  joint  efforts 
with  ECMA  and  NGCR  to  develop  a standard  ISEE  for  open  systems 
environments. 
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Building  upon  its  proposal  to  use  the  ECMA  PCTE  (Portable  Common  Tool 
Environment)  speclfieation  as  the  basis  for  development  of  tool  interface  specifi- 
cations in  software  engineering  environments,  CSL  collaborated  with  the  Office 
of  the  Director  of  Defense  Information  (DDI),  Department  of  Defense  (DoD),  and 
the  Object  Management  Group  (OMG)  to  establish  the  North  American  PCTE  In- 
itiative (NAPI).  This  initiative  will  develop  recommendations  for  extending  the 
tool  interface  specifications,  produce  a publicly  available  reference  implementa- 
tion of  PCTE,  establish  a PCTE  validation  capability,  and  support  the  acquisi- 
tion of  PCTE  implementations  and  PCTE-based  products.  In  addition,  CSL  is 
establishing  a federated  software  engineering  environment  laboratory  (SEEL) 
for  laboratory-based  investigation  of  PCTE  and  its  SEE  interface  specifications 
to  support  the  NAPI  effort. 

Multimedia  Systems  In  the  Multimedia  Systems  Laboratory,  researchers  focused  on  the  interrelation 

of  document  standeirds  and  their  benefits  to  users. 

In  support  of  the  Department  of  Defense  Computer-aided  Acquisition  and  Lo- 
gistic Support  (CALS)  program,  CSL  published  two  new  documents:  NISTIR 
4800,  An  Overview  of  the  Docwnent  Style  Semantics  and  Specification  Language 
and  the  MJL-M-28001A  Output  Specification,  provides  an  overview  of  the 
functional  similarities  between  the  Document  Style  Semantics  and  Specifica- 
tion Language  (DSSSL)  and  the  Output  Specification  (OS)  of  MIL-M-28001A: 
NISTIR  4830,  Next  Generation  Documents,  summarizes  the  findings  of  a CSL- 
sponsored  workshop  on  these  documents  and  releveint  standards. 

In  collaboration  with  the  Information  Systems  Engineering  Division,  re- 
search continued  on  a joint  project  on  hypertext  and  hypermedia  technologies. 
As  part  of  that  effort,  the  Hypermedia  Lecture  Series  featured  five  lectures  on 
topics  such  as  the  flexible  access  to  multimedia  information,  models  for  h3qDer- 
text,  the  Chemistry  Online  Retrieval  Experiment  (CORE)  project  at  Cornell  Uni- 
versity, open  hyperdocument  systems,  and  performance-based  evaluation 
methods  for  hypertext.  Hypermedia  technologies  permit  the  integration  of 
searching,  linking,  and  multimedia  presentations  using  optical  storage  and 
networked  systems. 
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Cryptographic 

Standards 


Assistance  to 
Federal  Agencies 


COMPUTER  SECURITY  DIVISION 

The  Computer  Security  Division  provides  guidance  and  technical  assistance  to 
government  and  industry  in  the  protection  of  unclassified  automated  informa- 
tion resources.  The  Computer  Security  Act  of  1987  strengthened  and  reaf- 
firmed CSL's  mandate  to  assist  federal  agencies  in  the  protection  of  computer 
systems  and  networks. 

In  April  1992,  the  Secretary  of  Commerce  approved  Federal  Information  Pro- 
cessing Standard  (FIPS)  171,  Key  Management  Using  ANSI  X9.17,  for  federal 
agency  use.  ANSI  X9.17  is  a voluntary  industry  computer  security  standard 
that  defines  procedures  for  the  manual  and  automated  management  of  the 
data  (e.g.,  keys  and  Initialization  vectors)  necessary  to  establish  and  maintain 
cryptographic  keying  relationships.  This  data  is  known  as  keying  material. 

ANSI  X9.17  uses  the  Data  Encryption  Standard  (DES)  to  implement  key  man- 
agement practices  in  a variety  of  operational  environments  and  contains  a num- 
ber of  options.  FIPS  171  specifies  a particular  set  of  these  options  for  the 
automated  distribution  of  keying  material  by  the  federal  government  using  the 
protocols  of  ANSI  X9.17. 

CSL  started  its  third  review  of  the  Data  Encryption  Standard  (DES)  to  deter- 
mine its  adequacy  in  protecting  federal  data  in  the  1990s.  FIPS  46-1,  DES, 
was  approved  for  federal  agency  use  in  1977  and  was  reaffirmed  after  reviews 
in  1983  and  1987.  The  DES  specifies  a publicly  known  encryption  algorithm 
which  is  used  with  a secret  key  to  provide  secure  communications. 

In  collaboration  with  the  Office  of  Management  and  Budget  (OMB)  and  the 
National  Security  Agency  (NSA),  CSL  visited  28  federal  agencies  to  increase 
security  awareness  among  senior  managers.  These  visits  showed  that  agencies 
are  hiring  professional  staff  to  address  computer  security:  agencies  have  imple- 
mented numerous  management  controls  to  protect  automated  information; 
agencies  are  focusing  on  contingency  and  disaster  recovery  planning;  and  agencies 
are  conducting  periodic  security  awareness  training  as  mandated  by  the  Com- 
puter Security  Act.  CSL  will  assist  OMB  in  follow-up  visits  and  provide  technical 
assistance  to  agencies  that  have  reported  computer  security  as  a high-risk  area. 

CSL  maintained  working  agreements  with  the  Environmental  Protection 
Agency,  the  Farmers  Home  Administration,  the  Nuclear  Regulatory  Commis- 
sion, and  the  National  Oceanic  and  Atmospheric  Administration  in  the  areas  of 
policy  development  and  security  management  and  administration. 

CSL  hosted  two  workshops  and  conducted  a study  to  identify  what  federal 
agencies  need  to  meet  requirements  in  a wide  variety  of  security  and  data  pro- 
cessing environments.  NISTIR  4976,  Assessing  Federal  and  Commercial  Infor- 
mation Security  Needs,  presents  the  results  of  the  study.  A second  study  is  in 
process  that  will  help  CSL  determine  the  areas  in  which  federal  agencies  need 
additional  NIST  guidance  and  standards. 

CSL  is  developing  a handbook  to  assist  individuals  in  protecting  their  infor- 
mation technology  (IT)  resources.  The  handbook  will  introduce  users  to  the 
field  of  IT  security,  highlighting  security  controls  along  with  cost  considerations 
and  interdependencies. 
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Computer  Viruses 


Network  Security 


Vuinerabiiity  Testing 


Work  continued  on  the  federal  criteria  project,  a joint  effort  of  CSL  and  NSA 
to  develop  new  criteria  for  trusted  systems  with  capabilities  for  evaluating  secu- 
rity controls,  controlling  access  to  services  and  data,  and  assuring  the  availabil- 
ity of  data,  systems,  applications,  and  services.  A draft  FIPS  is  planned  for 
1993,  to  be  followed  by  a workshop  to  consider  comments  received  on  the  draft. 

CSL  continued  to  conduct  research  in  several  facets  of  the  computer  virus  prob- 
lem, including  virus  signatures  and  the  precise  identification  of  viruses.  Pre- 
cise identification  is  designed  to  enable  effective  cataloging  and  naming  of 
viruses.  NIST  Special  Publication  800-5,  A Guide  to  the  Selection  of  Anti-Vims 
Tools  and  Techniques,  assists  federal  agencies  in  the  procurement  of  appro- 
priate anti-virus  tools.  A second  document,  NISTIR  4939,  Threat  Assessment 
of  Malicious  Code  and  External  Attacks,  provides  an  assessment  of  these 
threats  on  computer  systems  using  commercially  available  hardware  and 
software. 

Testing  and  demonstrating  network  security  protocols  continued  in  CSL’s  Open 
Systems  Interconnection  (OSl)  Security  Laboratoiy.  In  collaboration  with  NSA, 
CSL  researchers  focused  on  the  Secure  Data  Network  System  (SDNS)  Security 
Protocol  at  Layer  4,  the  transport  layer  of  the  OSl  reference  model.  NISTIR 
4792,  A Formal  Description  of  the  SDNS  Security  Protocol  at  Layer  4 (SP4),  re- 
sulted from  this  research.  A second  report.  NISTIR  4934,  Protocol  Implementa- 
tion Conformance  Statement  (PICS)  Proforma  for  the  SDNS  Security  Protocol  at 
Layer  4 (SP4),  identifies  the  capabilities  and  options  of  the  protocol  that  have 
been  implemented. 

Also  published  was  NISTIR  4734,  Foundations  of  a Security  Policy  for  Use  of 
the  National  Research  and  Educational  Network,  which  explores  requirements 
for  a national  network  security  policy  and  proposes  a draft  policy  for  the 
National  Research  and  Education  Network  (NREN).  This  network  will  link  thou- 
sands of  federal  and  industry  research  organizations  and  academic  institutions 
nationwide. 

A FIPS  was  developed  and  proposed  for  Standard  Security  Label  for  the 
Government  Open  Systems  Interconnection  Profile  (GOSIP).  Standard  security 
labels  will  enable  organizations  to  make  access  control  decisions,  to  specify  pro- 
tection measures,  and  to  carry  out  a communications  security  policy. 

Sponsored  by  the  Defense  Advanced  Research  Projects  Agency  (DARPA),  CSL 
developed  an  Advanced  Smartcard  Access  Control  System  (ASACS).  Easily  car- 
ried in  a wallet  or  purse,  the  smartcard  provides  users  with  a secure  means  for 
user  authentication  and  for  generating  and  verifying  digital  signatures.  Digital 
signature  technology  is  a crucial  element  in  the  processing  of  electronic  docu- 
ments, as  a replacement  for  the  handwritten  signature. 

CSL  is  interested  in  enhancing  the  security  of  today’s  systems,  as  well  as  im- 
proving the  security  controls  of  tomorrow.  Current  security  problems  often  re- 
sult from  misuse  rather  than  weakness  of  controls.  Research  in  this  area 
resulted  in  NIST  Special  Publication  800-6,  Automated  Tools  for  Testing  Com- 
puter System  Vulnerability.  This  publication  will  help  system  administrators  de- 
tect vulnerabilities  before  security  is  breached. 
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Computer  Security  in 
Federal  Procurements 


Cooperative 

Interactions 


Information 

Exchange 


In  order  to  meet  federal  policies  and  regulations,  federal  agencies  must  include 
computer  security  considerations  in  all  phases  of  information  resources  man- 
agement. CSL  published  NIST  Special  Publication  800-4.  Computer  Security  Re- 
quirements in  Federal  Procurements,  to  help  agencies  include  computer  security 
in  the  acquisition  phase  of  systems  development.  In  general,  this  process  re- 
sults in  less  expensive  and  better  security  than  adding  security  to  operational 
systems.  A related  document.  NISTIR  4749.  Sample  Statements  of  Work  for  Fed- 
eral Computer  Security  Services:  For  Use  In-House  or  Contracting  Out,  assists 
federal  agencies  and  government  contractors  in  the  acquisition  of  computer 
security  services. 

In  March  1992.  CSL  and  the  Canadian  Communications  Security  Establishment 
established  an  Memorandum  of  Understanding  (MOU)  to  pursue  technical 
cooperation  in  Information  Security  (INFOSEC).  The  MOU  provides  a frame- 
work for  the  two  governments  to  facilitate  the  coordination  and  development  of 
INFOSEC  standards  and  criteria  for  the  protection  of  sensitive  unclassified  data. 

CSL  continued  its  support  of  the  Forum  of  Incident  Response  and  Security 
Teams  (FIRST)  by  serving  as  the  secretariat  of  FIRST  and  chairing  the  FIRST 
Steering  Committee.  This  collaboration  of  government  and  private-sector  or- 
ganizations sharing  security  incident-related  information  continues  to  grow 
both  nationally  and  internationally. 

The  Computer  System  Security  and  Privacy  Advisory  Board,  established  by 
the  Computer  Security  Act  of  1987.  met  four  times  in  1992  to  discuss  signifi- 
cant emerging  computer  security  issues.  CSL  also  hosted  six  meetings  of  the 
Federal  Computer  Security  Program  Managers  Forum  to  share  experiences  and 
information  on  mutual  problems  and  possible  solutions,  and  sponsored  the  an- 
nual meeting  of  the  Federal  Information  Systems  Security  Educators’ 

Association  (FISSEA). 

Sharing  information  with  government,  industry,  and  the  public  remained  a 
high  priority.  CSL  and  NSA  cosponsored  the  15th  National  Computer  Security 
Conference,  in  Baltimore,  Maryland  in  October  1992.  for  about  1,800  partici- 
pants from  government,  industry,  and  foreign  countries.  The  national  confer- 
ence encourages  the  international  exchange  of  ideas  and  information 
concerning  information  technology  security  and  related  standards,  criteria,  and 
testing  issues.  This  year’s  conference  theme  was  Information  Systems 
Security:  Building  Blocks  to  the  Future. 

CSL  enhanced  its  Computer  Security  Bulletin  Board  System  (BBS)  to  facili- 
tate dissemination  of  information  on  IT  security  issues,  ranging  from  timely 
security  alerts  to  CSL  security  publications.  NISTIR  4933,  Computer  Security 
Bulletin  Board  System  User's  Guide,  gives  complete  information  on  accessing 
and  using  this  valuable  resource,  via  a modem  or  the  internet.  In  addition, 

CSL  participates  in  the  Network  Security  Information  Exchange  (NSIE),  which 
facilitates  the  exchange  of  security  information  on  the  public  switched  com- 
munications networks. 

NISTIR  4846,  Computer  Security  Training  and  Awareness  Course  Com- 
pendium, was  issued  to  assist  federal  agencies  in  locating  computer  security 
training  resources  nationwide. 
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Open  Systems 
Specifications 


Evaiuation  Guideiines 


SYSTEMS  AND  NETWORK 
ARCHITECTURE  DIVISION 

Programs  in  the  Systems  and  Network  Architecture  Division  address  the 
development  and  standardization  of  Open  Systems  Interconnection  (OSI),  the 
development  and  application  of  automated  protocol  methods,  and  the  advance- 
ment of  technology  for  integrated,  interoperable  network  management.  OSI  net- 
works permit  equipment  and  systems  from  different  manufacturers  to 
interoperate. 

CSL  has  been  working  with  the  Canadian  government,  the  World  Federation  of 
MAP/TOP  Groups,  and  the  electric  power  industry  to  develop  a common  specifi- 
cation for  computer  networking  products  that  conform  to  OSI  international 
standards.  The  resulting  Industry/Govemment  Open  Systems  Specification 
(IGOSS)  is  expected  to  become  a single  North  American  OSI  specification. 

By  consolidating  the  requirements  of  a large  segment  of  the  user  commu- 
nity, the  IGOSS  will  enable  the  major  user  groups  to  speak  to  the  vendors  with 
one  voice  and  represents  significant  purchasing  power  for  OSI  systems.  Future 
versions  of  Federal  Information  Processing  Standard  (FIPS)  146-1,  Government 
Open  Systems  Interconnection  Profile  (GOSIP),  will  point  to  the  IGOSS  and  will 
specify  special  federal  government  requirements  and  protocol  specifications 
that  have  not  been  agreed  to  by  the  other  IGOSS  organizations. 

Work  continued  to  develop  implementation  agreements  for  OSI  standards. 
Cosponsored  by  CSL  and  the  IEEE  Computer  Society,  the  Open  Systems  En- 
vironment (OSE)  Implementors’  Workshop  (OIW)  met  four  times  in  1992.  Atten- 
dance at  the  workshop  continued  at  nearly  300  participants  per  meeting. 
Formerly  called  the  OSI  Implementors’  Workshop,  the  OfW  expanded  its 
charter  in  June  1992  to  include  OSE-related  topics  and  changed  its  name  to  re- 
flect its  new  focus.  One  work  item  introduced  as  a result  of  the  expanded 
charter  was  the  development  of  Application  Programming  Interfaces  (APIs) 
which  provide  a portable  interface  to  OSI  networking  services.  NIST  Special 
Publication  500-202,  Stable  Implementation  Agreements  for  Open  Systems  Inter- 
connection Protocols,  Version  5,  Edition  1,  December  1991,  records  stable  im- 
plementation agreements  of  OSI  protocols  developed  by  organizations  that 
participate  in  the  OfW.  Harmonization  of  OfW  activities  with  those  of  other 
regional  workshops  continued. 

CSL  developed  a series  of  evaluation  guidelines  for  OSI  applications  to  assist 
users  and  acquisition  authorities  in  determining  the  degree  to  which  implemen- 
tations of  those  applications  meet  their  specific  performance  and  functional  re- 
quirements. Evaluation  guidelines  for  the  Message  Handling  Systems  (MHS) 
and  the  File  Transfer,  Access  and  Management  (FTAM)  applications  were 
issued  previously;  in  1992,  CSL  issued  NIST  Special  Publication  500-205, 
Guidelines  for  the  Evaluation  of  Virtual  Terminal  Implementations. 
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GOSIP  Testing 
Program 


OSI  Security 
Protocols 


Cooperative 
Laboratory  for  OSI 
Routing  Technology 


To  assist  federal  agencies  in  procuring  products  specified  by  FIPS  146-1. 

GOSIP,  CSL  developed  a comprehensive  test  policy  and  procedures  for  testing 
OSI  products.  The  program  provides  for  demonstration  of  technical  credibility, 
acceptability  to  both  vendors  and  users,  assurance  of  interoperability,  and  pro- 
vides a basis  for  international  recognition  of  national  testing. 

Under  the  testing  program,  CSL  established  public  registers  for: 

GOSIP  Abstract  Test  Suites  (ATSs) 

Interoperability  Test  Suites 
Assessed  Means  of  Testing  (MOTs) 

Accredited  Test  Labs 
GOSIP  Reference  Implementations 
Conformance  Tested  GOSIP  Products 
Approved  Accredited  Lab  for  MOT  Qualification 
Interoperability  Testing  Services 

ATSs  for  those  protocols  for  which  conformance  testing  is  mandatory,  ap- 
proximately 30  MOTs,  and  about  70  OSI  registered  products  (including  Derived 
Products)  are  on  the  respective  registers.  CSL  implemented  a quality  improve- 
ment system  covering  five  areas  of  its  GOSIP  Testing  Program;  ATSs,  MOTs. 
Labs,  Test  Reports,  and  the  vendor  Development  Process.  The  GOSIP  Testing 
Program  is  carried  out  in  cooperation  with  the  OIW,  the  European  Community, 
and  several  accreditation  bodies  in  Europe. 

CSL  lead  the  effort  in  standardizing  OSI  lower  layer  security.  The  Transport 
Layer  Security  Protocol  (TLSP),  for  which  CSL  is  the  international  editor,  be- 
came an  international  standard  at  the  International  Organization  for  Stand- 
ardization (ISO)  meeting  in  July  1992.  The  Network  Layer  Security  Protocol 
(NLSP)  was  elevated  to  Draft  International  Status  largely  through  the  effort  of 
CSL.  Both  standards  are  being  introduced  into  the  OIW  and  will  have  stable 
implementation  agreements  next  year.  CSL,  in  cooperation  with  NSA,  is  in  the 
process  of  describing  NLSP  in  a communications  protocol  specification  lan- 
guage called  Estelle.  In  OSI  upper  layer  security,  CSL  persuaded  the  inter- 
national standards  community  to  begin  work  on  a key  management  standard. 
CSL  believes  that  this  area  needs  immediate  standardization  by  ISO  and 
offered  to  be  the  editor  for  this  new  item. 

FIPS  146-1,  GOSIP.  provides  the  blueprint  for  federal  procurements  of  multi- 
vendor. interoperable  computer  networking  products.  Supported  by  the  Depart- 
ment of  Energy  and  the  National  Science  Foundation,  CSL  developed  the 
Cooperative  Laboratory  for  OSI  Routing  Technology  to  establish  a collaborative 
research  program  with  industiy,  government,  and  academia.  The  laboratory 
provides  an  open  testbed  facility  for  OSI  routing  products,  fosters  mature,  com- 
mercially available  OSI  routing  products,  and  develops  methodologies  and  pro- 
totype tools  to  support  conformance  testing,  interoperability  testing,  and 
product  evaluation  of  OSI  routing  technology. 
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Electronic  Data 
Interchange 


Network 

Management 


CSL  conducted  its  second  open  laboratory  in  1992  for  interoperability  test- 
ing among  implementations  of  the  OSI  Intermediate  System  to  Intermediate 
System  (IS-IS)  Intra-domain  Routing  Exchange  Protocol.  Implementations  from 
nine  vendors  were  tested  for  interoperability  in  a live  OSI  environment.  As  part 
of  this  effort,  CSL  is  developing  conformance  testing  methodologies  and  proto- 
type systems  for  multi-party  protocols  such  as  IS-IS.  At  the  February  open 
laboratory,  staff  demonstrated  a prototype  Multi-party  Conformance  Test  Sys- 
tem for  the  IS-IS  protocol  (IS-IS  MPCTS)  which  was  exercised  against  vendor  im- 
plementations using  a sample  test  suite.  The  IS-IS  test  suite  has  since  been 
expanded  to  100  tests  which  have  been  successfully  mn  against  three  vendor 
implementations. 

CSL  assisted  federal  agencies  in  the  use  of  Electronic  Data  Interchange  (EDI) 
and  the  integration  of  EDI  into  open  systems.  Researchers  developed  software 
design  documents  for  a set  of  EDI  tools  to  assist  users  in  prototyping,  testing, 
and  using  EDI  applications  based  on  standard  or  non-standard  transaction 
sets.  Also  designed  was  a system  to  frcinsmit  EDI  transactions  over  X.400- 
based  electronic  mail  systems.  FTAM-based  file  transfer  systems,  and  Value- 
Added  Networks.  Implementations  based  on  these  designs  are  in  process.  The 
Department  of  Defense,  the  Internal  Revenue  Service,  and  the  General  Services 
Administration  sponsored  these  projects. 

In  order  to  provide  leadership  to  the  standardization  of  an  X.400-based  elec- 
tronic mail  application  program  interface  (API).  CSL  chairs  the  IEEE  X.400  API 
working  group.  The  draft  X.400  API  standard  is  in  the  final  phase  of  balloting 
and  a complete  IEEE  standard  is  expected  in  early  1993. 

In  December  1992,  the  Secretaiy  of  Commerce  approved  FIPS  179,  Govern- 
ment Network  Management  Profile  (GNMP),  for  federal  agency  use.  The  GNMP 
specifies  the  common  management  information  exchange  protocol  and  services, 
specific  management  functions  and  services,  and  the  s)nntax  and  semantics  of 
the  management  information  required  to  support  monitoring  and  control  of  the 
network  and  system  components  and  their  resources.  The  GNMP  builds  on 
FIPS  146-1,  GOSIP,  and  includes  GOSIP  Version  2.0  by  reference.  The  GNMP 
and  GOSIP  are  interrelated  and  cross-reference  each  other  as  required. 

CSL  continued  to  work  with  industry  consortia  to  bring  the  GNMP  into  align- 
ment with  the  Open  Management  Roadmap,  a worldwide  coalition  of  users  cind 
industry  addressing  the  complex  problem  of  interoperable  management  of  het- 
erogenous systems  and  networks.  The  results  of  the  Roadmap  activity  are 
agreed  specifications,  including  the  GNMP  as  an  example  procurement  specifi- 
cation. Besides  the  role  of  catalyst.  CSL  is  an  active  partner  in  the  Roadmap, 
ensuring  that  federal  requirements  for  interoperable  network  management  are  met. 
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ISDN 


Distributed  Systems 


ADVANCED  SYSTEMS  DIVISION 

The  Advanced  Systems  Division  conducts  research  and  provides  technical  as- 
sistance to  federal  agencies  and  industry  organizations  in  advanced  com- 
munications such  as  Integrated  Services  Digital  Network  (ISDN),  distributed 
systems,  automated  recognition,  data  storage  technologies,  and  parallel 
processing. 

CSL  continued  its  support  of  the  North  American  ISDN  Users’  Forum  (NIUF)  to 
ensure  that  emerging  ISDN  applications  meet  the  needs  of  users.  The  manage- 
ment of  the  forum  is  governed  by  a Cooperative  Research  and  Development 
Agreement  (CRDA)  with  industry  which  now  has  36  signatories.  The  NIUF  met 
three  times  in  1992  and  cosponsored  the  Transatlantic  ISDN  Project  1992 
(TRIP  ’92)  event  in  November  which  celebrated  the  beginning  of  a national  ISDN 
network  based  on  uniform  implementation  of  standards.  CSL  hosted  a week- 
long  open  house  and  demonstrated  more  than  20  ISDN  applications  including 
video/mulbmedia  conferencing,  LAN-to-LAN  bridging,  and  Group  4 facsimile. 
Two  new  documents  launched  CSL’s  publication  series  focusing  on  ISDN: 
Special  Publication  (SP)  823- 1 . Overview  of  Integrated  Services  Digital  Network 
Conformance  Testing  and  SP  823-2,  Integrated  Services  Digital  Network  Con- 
formance Testing,  Layer  1 “ Physical  Layer,  Part  2 ” Basic  Rate  U Interface,  User 
Side. 

Researchers  concentrated  on  the  evaluation  and  development  of  protocol 
standards  for  broadband  ISDN  (B-ISDN)  and  high-speed  networking,  especially 
control  signalling  and  traffic  management,  and  the  development  of  implementa- 
tion agreements,  testing,  and  applications  for  the  narrowband  ISDN  which  is 
being  deployed  nationwide. 

CSL  announced  a draft  Federal  Information  Processing  Standard  (FIPS)  for 
ISDN.  The  FIPS  specifies  a set  of  generic  protocols  for  setting  up  transparent 
pipes  to  provide  a minimal  set  of  bearer  services,  and  conformance  test  specifi- 
cations for  these  protocols.  It  is  based  on  ANSI  standards  and  Implementation 
Agreements  produced  by  the  NIUF. 

Development  of  ISDN  conformance  tests  continued  as  an  important  activity 
of  CSL.  In  1992,  CSL  led  the  development  of  four  more  test  suites  within  the 
NIUF  for  ISDN  Layers  1,  2 and  3 protocols.  These  and  other  NIUF  test  suites 
will  provide  the  conformance  test  requirements  for  the  proposed  FIPS  for  ISDN. 
CSL  continues  to  harmonize  test  suites  internationally  as  a step  towards  the 
goals  of  widespread  availability  of  portable,  multi-vendor  equipment  and 
mutual  recognition  of  testing  for  ISDN. 

Research  in  distributed  systems  focused  on  the  technical  preparation  for  TRIP 
’92.  Participating  federal  agencies  included  the  Internal  Revenue  Service  (IRS), 
the  General  Services  Administration,  the  Department  of  Veterans  Affairs,  the 
Department  of  Energy,  and  the  Departments  of  the  Army  and  Navy.  Many  of 
CSL’s  CRDA  industry  partners  also  took  part,  through  the  loan  of  equipment 
and  services,  in  the  development  and  demonstration  of  ISDN  applications. 

ISDN  over  satellite  to  Goonhilly,  England,  was  demonstrated  through  a coopera- 
tive arrangement  with  COMSAT. 
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Automated 

Recognition 


CSL  developed  an  Information  Systems  and  Technology  Strategy,  coordinat- 
ing the  initiatives  of  the  Corporate  Information  Management  (CIM)  Office  and 
the  Defense  Information  Systems  Agency  (DISA)  for  the  Manpower  and  Person- 
nel Command  of  the  U.S.  Navy.  Strategy  implementation  guidance  was  issued 
in  communications,  application  development,  physical  database  access,  facili- 
ties. procurement,  decision  support,  and  business  improvement.  For  the  IRS, 
CSL  developed  an  ISDN  tutorial  and  user’s  guide,  an  ISDN  prototype  of  Inte- 
grated Examination  System,  and  a tutorial  on  data  compression. 

For  the  Department  of  Veterans  Affairs  (DVA),  projects  included  the  integra- 
tion of  image  technology  with  the  DVA  hospital  system  as  well  as  presentations 
at  medical  computing  conferences  and  the  MUMPS  Users  Group.  Finally,  col- 
laboration with  the  Defense  Logistic  Agency  focused  on  multimedia  on  ISDN 
and  video  conferencing  with  an  ISDN  profile. 

Research  in  distributed  systems  focused  on  the  development  of  ISbN  Appli- 
cations profiles.  LAN  interconnectivity,  video  conferencing,  screen  sharing,  and 
image  transfer.  Other  areas  included  compression  techniques  and  object- 
based  information  systems  architectures. 

In  cooperation  with  the  Federal  Bureau  of  Investigation,  CSL  developed  the 
world’s  first  neural  network  fingerprint  classification  system.  The  system 
achieves  classification  accuracy  of  95.4  percent  with  10  percent  rejects  and 
processes  a fingerprint  in  less  than  three  seconds  on  a massively  parallel  com- 
puter. NISTIR  4880,  Massively  Parallel  Neural  Network  Fingerprint  Classifica- 
tion System,  describes  the  system  in  detail.  In  order  to  test  this  system, 
researchers  produced  Special  Database  4,  containing  2000  matched  500  by 
500  pixel  gray  level  fingerprint  images;  61  copies  of  Special  Database  4 have 
been  sold  to  date. 

Researchers  also  developed  a massively  parallel  character  recognition  sys- 
tem. The  system  scans  a structured  form  filled  in  with  hand-print,  isolates  the 
entry  fields  on  the  form,  segments  and  classifies  the  hand-printed  characters, 
and  returns  the  hand-printed  information  on  the  form  as  ASCII  text.  The  sys- 
tem integrates  traditional  image  processing  techniques  with  neural  network 
classification  techniques  on  a massively  parallel  computer  to  achieve  end-to- 
end  throughput  of  13  seconds  per  form  (4.3  characters  per  second).  The  sys- 
tem significantly  improves  accuracy  and  speed,  effectively  replacing  key  data 
entry  in  existing  data  capture  systems. 

In  May  1992,  CSL  collaborated  with  the  Census  Bureau  to  conduct  the  first 
of  a planned  series  of  Optical  Character  Recognition  (OCR)  Systems  Confer- 
ences: NISTIR  4912,  The  First  Census  Optical  Character  Recognition  Systems 
Conference,  presents  details  of  the  conference.  Another  first  was  the  Text  RE- 
trieval  Conference  (TREC),  held  in  November  1992,  which  was  cosponsored  by 
CSL  and  the  Defense  Advanced  Research  Projects  Agency  (DARPA).  The  goal  of 
the  conference  was  to  encourage  research  in  information  retrieval  from  large 
text  applications  by  providing  a large  test  collection,  uniform  scoring  proce- 
dures. and  a forum  for  organizations  interested  in  comparing  their  results.  An- 
nual conferences  on  text  retrieval  are  planned. 
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Partially  sponsored  by  DAPiPA,  research  in  speech  recognition  technology 
proceeded  in  collaboration  with  academia  and  industry.  The  use  of  CD-ROM 
data  storage  media  in  the  United  States  for  the  exchange  of  recorded  speech 
databases  ( corpora)  within  the  speech  research  community  continued  to  ad- 
vance. In  addition  to  CD-ROM  sets  released  for  DARPA.  further  releases  are 
planned  as  reference  material  for  use  in  speech  research.  CSL’s  work  on  the 
design  and  development  of  test  procedures  and  other  materials  for  the  DARPA 
Spoken  Language  Systems  Program  and  other  Department  of  Defense  speech 
research  programs  continued. 

Data  Stora^B  CSL  chairs  the  Association  for  Information  and  Image  Management  (AIIM)  com- 
mittee C21.  Optical  Disk  Applications,  and  actively  supports  the  development 
of  standards  for  media  error  monitoring,  media  interchange,  test  methods,  and 
life  expectancy  for  optical  disk  systems.  Research  in  data  storage  technologies 
for  optical  disk  resulted  in  NIST  Special  Publication  500-200,  Testing 
Methodology  to  Predict  Life  Elxpectancy  Values  for  Optical  Disk  Medicu  This 
work  has  contributed  to  the  draft  industry  standard  on  life  expectancy  of  CD 
(compact  disk)  media.  Optical  disk  research  focused  on  data  integrity  studies 
for  optical  disk  media,  including  monitoring  and  reporting  techniques  for  error 
rate  and  error  distribution  in  optical  disk  systems.  A test  platform  is  being 
developed.  The  National  Archives  and  Records  Administration,  the  Social  Secu- 
rity Administration,  the  Federal  Bureau  of  Investigation,  and  another  federal 
agency  partially  funded  this  work. 

Another  research  area  focused  on  magnetic  tape  media.  NIST  Special  Publi- 
cation 500-199,  The  3480  Type  Tape  Cartridge:  Potential  Data  Storage  Risks, 
and  Care  and  Handling  Procedures  to  Minimize  Risks,  summarizes  techniques 
for  protecting  this  media.  A new  Standard  Research  Material  (SRM)  was  pro- 
duced and  is  described  in  NIST  Special  Publication  260-1 18,  Calibration  of 
NIST  Standard  Reference  Material  (SRM)  3202 for  1 8-Track  Parallel  and  36- 
Track  Parallel  Serpentine  12.65  mm,  1491  cprrxm  Magnetic  Tape  Cartridge.  SRM 
3202,  Secondary  Standard  12.65  mm  Magnetic  Tape  Cartridge,  was  made  avail- 
able for  sale.  The  SRM  provides  the  manufacturers  of  certain  magnetic  tape 
cartridge  drives  and  media  \vith  a reference  for  several  magnetic  properties  in- 
cluding output  signal  amplitude,  typical  field,  overwrite,  and  resolution. 

The  use  of  imaging  technology  in  a Social  Security  Administration  (SSA) 
local-area  network  was  prototyped  to  demonstrate  the  feasibility  of  imaging  of 
general  correspondence.  Another  SSA  prototype  is  being  developed  to  replace 
microfilm  records  of  employee  earnings  with  a computer  system.  This  proto- 
type involves  research  into  indexing  methodologies  and  user  interface  con- 
siderations resulted  in  the  development  of  an  algorithm  for  approximate  match 
database  searching. 

CSL  hosted  a March  1992  workshop  on  the  Electronic  Exchange  of  Finger- 
print Images.  A major  revision  of  ANSI/NIST/ICST  1-1986,  Data  Format  for  the 
Interchange  of  Fingerprint  Information,  is  in  process.  The  revised  standard  will 
be  the  basis  for  the  exchange  of  fingerprints  between  law  enforcement  agencies 
throughout  the  country.  Funded  by  the  Federal  Bureau  of  Investigation,  re- 
search included  image  data  compression  and  image  quality. 
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ParaSlel  Processing  in  1992.  researchers  pursued  two  areas  in  performance  measurement,  the  first 

on  low-perturbation  data  capture  hardware  for  parallel  systems,  the  second 
simplified  software  approaches  to  performance  improvement.  Under  DARPA 
sponsorship,  the  MultiKron  Very  Large  Scale  Integration  (VLSI)  instrumenta- 
tion chip  was  successfully  fabricated  and  the  technolo^  transferred  to  Intel 
Corporation  for  their  Paragon  supercomputer  parallel  system.  NISTIR  4737, 
Operating  Principles  of  MultiKron  Performance  Instrumentation  for  MIMD  Comput- 
ers, describes  the  single-chip  VLSI  design,  which  replaces  earlier  NIST  instru- 
mentation chip  sets.  A redesign  and  refabrication  of  a faster  MultiKron  version 
in  a smaller-sized  VLSI  reticle  resulted  in  reduced  costs.  CSL  also  designed 
and  implemented  a protot3T3e  of  a local  collection  network  for  captured 
performance  data. 

On  the  software  side,  CSL  devised  an  Innovative,  portable  technique  for  as- 
saying and  improving  parallel  programs  on  multiple-instruction,  multiple-data 
(MIMD)  systems.  The  method,  which  accomplishes  important  sensitivity  ana- 
lyses of  programs,  is  described  in  NISTIR  4859,  Time-Perturbation  Timing  of 
MIMD  Programs.  Whereas  previous  approaches  have  been  approximate  and  un- 
reliable, the  new  method  yields  accurate  assays  and  real  improvements.  Pre- 
liminaiy  results  on  both  shared-memory  and  distributed -memory  systems  are 
promising  and  have  resulted  in  a patent  application. 
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SELECTED  STAFF  ACCOMPLISHMENTS 
FY  1989  - FY  1992 


Department  of  Commerce  awards  for  major  contributions  to  Department 
programs  were  presented  to: 

Shukii  A-  Wakld  - Silver  Medal  (1992) 

Allen  L.  Hankinson  - Silver  Medal  (1991) 

David  K.  Jefferson  - Silver  Medal  (1991) 

Roger  J,  Martin  - Silver  Medal  (1989) 

Miles  E.  Smid  - Silver  Medal  (1989) 

Donna  F.  Dodson  - Bronze  Medal  (1992) 

Elizabeth  N.  Fong  - Bronze  Medal  (1992) 

Michael  Garris  - Bronze  Medal  (1992) 

David  E.  Cypher  - Bronze  Medal  (1991) 

Gary  E.  Fisher  - Bronze  Medal  (1991) 

Irene  E.  Gilbert  - Bronze  Medal  (1991) 

Barbara  L.  Blickenstaff  - Bronze  Medal  ( 1 990) 

David  R.  Kuhn  - Bronze  Medal  (1990) 

Charles  L.  Sheppard  - Bronze  Medal  (1990) 

J.  Elaine  Frye  - Bronze  Medal  (1989) 

Candice  E.  Leatherman  - Bronze  Medal  (1989) 

Joan  M.  Sullivan  - Bronze  Medal  (1989) 

David  Hui-Yang  Su  - Bronze  Medal  (1989) 
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Recognition  from  External  Organizations 

A 1992  Federal  Leadership  Award  was  presented  to  the  NIST  Electronic  Certi- 
fication Project  by  Federal  Computer  Week  and  the  Open  Systems  Conference 
Board. 

James  H.  Burrows  was  awarded  the  1991  IRM  Leadership  Award  by  the 
Association  for  Federal  Information  Resources  Management  (AFFIRM). 

James  H.  Burrows  received  the  1991  Federal  Office  Systems  Exposition  (FOSE) 
Award  for  leadership  in  standards  development  for  computing,  telecommunica- 
tions, and  computer  security. 

James  H.  Burrows  received  the  Distinguished  Presidential  Rank  Award  in 
1989  for  extended  exceptional  performance  in  government. 

F.  Lynn  McNulty,  David  K.  Jefferson,  Allen  L.  Hankinson,  Roger  J.  Martin, 
and  Frederick  T.  Boland  received  Federal  100  awards  from  Federal  Computer 
Week  for  contributions  to  the  federal  systems  community  in  1991. 

James  H.  Burrows,  Dennis  K.  Branstad,  Kevin  L.  Mills,  and  Shukri  A. 

Wakid  received  Federal  100  awards  from  Federal  Computer  Week  for  significant 
contributions  to  the  government  systems  community  in  1990. 

James  H.  Burrows,  Allen  L.  Hankinson,  and  Dennis  D.  Steinauer  received 
the  Federal  100  Reader’s  Choice  Awards  from  Federal  Computer  Week  for  1989. 

Allen  L.  Hankinson  received  the  Distinguished  Presidential  Rank  Award  for 
1992  for  extended  exceptional  government  service. 

Allen  L.  Hankinson  was  elected  to  the  UniForum  Board  of  Directors  for  a two- 
year  term  beginning  July  1,  1991. 

Kevin  L.  Mills  received  the  Interagency  Committee  on  Information  Resources 
Management  1991  Award  for  Management/Administrative  Excellence  for  effec- 
tive leadership  tn  the  federal  systems  community  in  advancing  the  acceptance 
of  Open  Systems  Interconnection  (OSI)  standards. 

Kevin  L.  Mills  was  elected  as  a senior  member  in  the  Institute  of  Electrical  and 
Electronics  Engineers  (IEEE). 

Robert  Rosenthal  was  awarded  the  1 992  Award  for  Technical  Excellence  by 
the  Interagency  Committee  on  Information  Resources  Management  for  leader- 
ship in  the  field  of  local  area  networks  and  computer  security. 


Roger  J.  Martin  received  the  Institute  of  Electrical  and  Electronics  Engineers 
(IEEE)  Standards  Medallion  in  1992  for  his  contributions  to  the  establishment 
of  POSIX  test  methods  as  standards  worldwide. 

Roger  J.  Martin  received  the  Interagency  Committee  on  Information  Resources 
Management  Award  for  Technical  Excellence  in  1989  for  outstanding  contribu- 
tions to  the  federal  information  resources  management  community. 

Mark  Skall  was  appointed  as  the  government  representative  to  the  National 
Computer  Graphics  Association  Board  of  Directors  for  a three-year  term 
beginning  in  January  1993. 

Miles  E.  Smid  received  the  Award  for  Technical  Excellence  from  the  Inter- 
agency Committee  on  Information  Resources  Management  in  1 990  for  his  con- 
tributions to  the  federal  information  resources  management  community, 
particularly  in  computer  security. 

Dennis  D.  Steinauer  was  elected  chairman  of  the  Forum  of  Incident  Response 
and  Security  Teams  (FIRST)  for  a one-year  term  beginning  August  1992. 

Robert  J.  Carpenter,  Alan  Mink.  George  Nacht,  and  John  Roberts  received 
the  Allen  V.  Astin  Measurement  Science  Award  in  1990  for  their  contributions 
to  the  science  of  measuring  the  performance  of  multiprocessor  computer 
systems. 

Gordon  Lyon  was  appointed  Chairman  of  the  NIST  Research  Advisory 
Committee  for  1991. 

Donna  Harman  and  Gerald  Candela  received  the  1990  R&D  100  Award  from 
Research  & Development  magazine  for  a fast  information  retrieval  system. 

They  were  also  the  recipients  of  the  1991  Journal  of  the  American  Society  for 
Information  Science  (JASIS)  Best  Paper  Award  for  Retrieving  Records  from  a 
Gigabyte  of  Text  on  a Minicomputer  Using  Statistical  Ranking. 

Leonard  J.  Gallagher  received  the  Interagency  Committee  on  Information  Re- 
sources Management  Award  for  Technical  Excellence  in  1989  for  outstanding 
contributions  to  the  federal  information  resource  management  community. 

Leonard  J.  Gallagher  was  selected  by  the  Oracle  Corporation  in  1990  as  the 
grand  prize  winner  of  its  Unleash  the  Genius  contest  for  his  implementation  of 
a hypertext  query  facility. 
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Judith  Newton,  accepting  for  NIST,  received  the  1992  Data  Administration 
Management  Association  (DAMA)  International  Company  Achievement  Award  jj 

for  an  outstanding  contribution  to  the  direction  of  the  information  resource  j 

industry.  I 

Edward  Roback  received  an  Unsung  Hero  in  Computer  Security  Award  by 
FedSecurity  ’91  and  Federal  Computer  Week. 

Henry  Tom  was  appointed,  for  a two-year  term  through  1993,  as  a deputy 
member  to  the  U.S.  Board  of  Geographic  Names.  He  also  served  as  the  govern- 
ment representative  on  the  Board  of  Directors  of  the  National  Computer 
Graphics  Association  through  December  1992. 
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PARTICIPATION  IN  VOLUNTARY 
STANDARDS  ACTIVITIES 


CSL  staff  members  participate  in  more  than  85  national  and  international  vol- 
untary standards  activities,  including  the  following: 

American  National  Standards  Institute  (ANSI): 

Information  Systems  Standards  Board  (ISSB) 

Information  Technology  Consultative  Committee  (ITCC) 

USA  Registration  Authority  Committee 

Accredited  Standards  Committee  (ASC): 

Tl.  Telecommunications 

X3.  Information  Processing  Systems 

X9.  Financial  Services 

XI 2.  Electronic  Data  Interchange  (EDI) 

IT9.  Physical  Properties  and  Permanence  of  Imaging  Media 

Institute  of  Electrical  and  Electronics  Engineers  (IEEE): 

IEEE  Standards  Board  and  Committees 
IEEE  Groups  for: 

Ivocal  Area  Networks 

Portable  Operating  System  Interface  (POSIX) 

Graphical  User  Interface 

Software  Engineering 

U.S.  TAG  for  JTC  1 SC  7 

U.S.  TAG  for  JTC  1 SC  22  WG  15 

Futurebus 

International  Organization  for  Standardization  (ISO)/ 

International  Electrotechnical  Commission  (lEC) 

Joint  Technical  Committee  1 (JTC  1)  on  Information  Technology 

U.S.  Technical  Advisory  Group  (TAG)  for  ISO/IEC  JTC  1 (JTC  1 TAG) 

International  Telegraph  and  Telephone  Consultative  Committee  (CCITT): 
CCITT  Study  Groups  for: 

Data  Communications  Networks 
Switching  and  Signaling 

U.S.  National  Committee  for  CCITT: 

Study  Group  B 
Study  Group  D 
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International  Organization  for  Standardization  (ISO) 

Technical  Committees  for: 

Industrial  Automation 

Micrographics  and  Optical  Memories  for  Document  and  Image 
Recording.  Storage  and  Use 

ASC  X3  Subgroups  for: 

BASIC 

Computer  Graphics 
Credit/Identiflcation  Cards 
Database 

Data  Communications 
Data  Interchange 
Data  Representation 
Digital  Magnetic  Tape 
I/O  Interface 

Information  Resource  Dictionary  System 
Information  Technology  Security  Techniques 
LISP 

Open  Distributed  Processing 
Open  Systems  Interconnection 
Optical  Digital  Data  Disks 

Parallel  Processing  Constructs  for  High-Level  Programming  Languages 
Picture  Coding 

Secretariat  Management  Committee  (SMC) 

Standards  Planning  and  Requirements  Committee  (SPARC) 

SPARC  Database  Systems  Study  Group 
Text:  Office  and  Publishing  Systems 
U.S.  TAG  for  JTC  1 SC  21 
U.S.  TAG  for  JTC  1 SC  22 

ASC  X9  Subgroups  for: 

Data  and  Information  Security 
Public-Key  Cryptography  for  Financial  Institutions 
Security  for  Financial  Systems 
Wholesale  Banking 

ASC  X12  Subgroup  for: 

Security 

ASC  T1  Technical  Subcommittee  for: 

Services,  Architecture  and  Signaling 
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JTC  1 TAG  Subgroups  for: 

EDI 

Functional  Standards 
Procedures 

ISO/IEC  JTC  1 Subcommittees  or  Groups  for: 

Computer  Graphics 

Design  and  Documentation  of  Computer-Based  Information  Systems 
Document  Processing  and  Related  Communication 
Flexible  Magnetic  Media  for  Digital  Data  Interchange 
Functional  Standardization 

Information  Retrieval,  Transfer  and  Management  for  OSI 
Information  Technology  Security  Techniques 
Interconnection  of  Information  Technology  Equipment 
Languages 

Optical  Disk  Cartridges  for  Information  Interchange 

POSIX 

Procedures 

Representation  of  Data  Elements 

Telecommunications  and  Information  Exchange  Between  Systems 

European  Computer  Manufacturers  Association  (ECMA)  Technical 
Committees  or  Task  Groups  for: 

Lower  Four  OSI  Layers  and  Local  Area  Networks 
Magnetic  Tapes 

PCTE  (Portable  Common  Tool  Environment)  TC33/TGEP 
Reference  Model  for  Software  Environments  TC33/TGRM 
TC-36/TG1  Security  Evaluation  Criteria 

European  Workshop  on  Open  Systems  (EWOS) 

Expert  Group  on  Common  Application  Environments  (to  be  changed  to  OSE) 
EG-CAE 

Association  for  Information  and  Image  Management  (AHM) 

Canadian  Committee  on  Geomatics 

Data  Administration  Management  Association  Standards  and  Procedures 
Subgroup 
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Federal  Interagency  Coordinating  Conunittee  on  Digital  Cartography 


Federal  Telecommunication  Standards  Committee 
International  Association  for  IdentiJQcation 

National  Association  of  State  Information  Resource  Executives  (NASKE) 

National  Information  Standards  Organization 

NIST  Open  System  Environment  Implementors’  Workshop  (OIW) 

North  American  ISDN  Users’  Forum  (NIUF) 

U.S.  Board  on  Geographic  Names 

CSL  staff  members  hold  the  following  leadership  positions  in  the  above  activities: 


X3  and  X3  Subgroups 

Elizabeth  Fong,  Inti.  Rep 
Leonard  Gallagher,  Inti.  Rep. 
Mark  Skall.  Vice  Chair 
Susan  Sherrick,  Inti.  Rep. 
Bruce  Rosen.  Inti.  Rep. 
Roger  Sies,  Chair 
Judith  Newton.  Chair 
Heniy  Tom.  Chair 


DBSSG,  Database  Systems  Study  Group 

X3H2.  Database 

X3H3,  Computer  Graphics 

X3H3.7,  Validation -Testing  Registration 

X3H4,  Information  Resource  & Dictionary 

X3V1.1  User  Requirements 

X3H4,4,  System  Administration  & Control 

X3L8.4,  Geographical  Units 


JTC  1 TAG  Activities 

Robert  Rountree,  Chair  JTC  1 TAG.  U.S.  Technical  Advisory  Group 

for  IS/IEC  JTC  1 

Robert  Rountree,  Chair  JTC  1 TAG  Procedures  Group 


JTC  1 Subcommittees 

Roger  Martin.  Rapporteur 

Fritz  Schulz,  Project  Editor 
Eugene  Troy,  Project  Editor 

Lawrence  Welsch,  Project 
Editor 


JTC  1/SC  22 /WG  15  Rapporteur  Group 
on  Conformance  Testing 
JTC  1 SGFS,  TRl  0003.3 
JTC  1 27.16.1  General  Model  for  Security 
Evaluations 
SC  18WG  1-MHMF 
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IEEE  Standards  Activities 

A1  Hankinson,  Chair 
Fritz  Schulz.  Editor 
Roger  Martin,  Chair 
Anthony  Cincotta,  Editor 
& Technical  Reviewer 
Dennis  Steinauer,  Chair 
John  Barkley.  Editor 
Rick  Kuhn,  Secretary 
Rick  Kuhn,  Secretary 
Steve  Trus,  Chair 
Roger  Martin,  Chair 

Lawrence  Welsch,  Sponsor 
Mike  Rubinfeld,  Chair 


P1003.0.  POSIX  Guide 
PI 003.0,  POSIX  Guide 
P1003.3.1,  POSIX.  1 Test  Methods 
PI003.3.1,  POSIX.  I Test  Methods 

P1003.6.  POSIX  Security 
PI 003.8,  Transparent  File  Access 
PI 20 1.  Window  & Graphic  Interfaces 
P1201.2.  Driveability 
PI 224,  X-400  Appli.  Prog.  Interface 
TCOS  Steering  Committee  on  Conformance  Tests, 
Technical  Committee  on  Operating  Systems 
IEEE  SC  MMOD 
CD-ROM  Architectures 


Others: 

Mike  Hogan,  Vice  Chair 


Tom  Bagg,  Vice  Chair 
Dana  Grubb.  Chair 


Mike  Rubinfeld,  Chair 


American  National  Standards  Institute, 
Information  Systems  Standards  Board 
Image  Technology  9 Committee 
Workshop  on  the  Electronic  Exchange  of 
Fingerprint  Images 
SIGCAT.  SIG  Standards 
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COLLABORATION  WITH  GOVERNMENT, 
INDUSTRY,  AND  ACADEMIA 

In  1992,  CSL  collaborated  with  the  following  agencies  in  government,  industr>\ 
and  academia,  some  of  which  supported  CSL  research  through  funding  or  the 
loan  of  equipment  or  software. 

Federal  Agencies 

Department  of  Defense 
Ada  Joint  Program  Office 
Air  Force  Cryptologic  Support  Center 
Air  Force,  Scott  Air  Force  Base,  Illinois 
Army  Corps 

Army,  Ft.  Belvoir,  Virginia 
Army,  Ft.  Huachuca.  Arizona 
Army  Personnel  Command  Center 
Army  Vulnerability  Assessment  Lab 

Computer-aided  Acquisition  and  Logistics  Support  (CALS) 

Corporate  Information  Management  Office 
Defense  Advanced  Research  Projects  Agency 
Defense  Information  Systems  Agency 
Defense  Logistics  Agency 
Department  of  the  Air  Force 
Department  of  the  Army 
Department  of  the  Navy 
National  Security  Agency 
Naval  Weapons  Center,  China  Lake.  California 
Navy  Human  Resources  Office 
Navy  Next  Generation  Computer  Resources 
Office  of  the  Director  of  Defense  Information 
Strategic  Defense  Initiative  Organization 
Department  of  Commerce,  Bureau  of  the  Census 
Department  of  Commerce,  Office  of  Financial  Management 
Department  of  Education 
Department  of  Energy 

Department  of  Ener^,  Lawrence  Livermore  National  Laboratory 
Department  of  Health  and  Human  Services 
Department  of  Justice.  Federal  Bureau  of  Investigation 
Department  of  the  Treasury 

Department  of  the  Treasury,  Internal  Revenue  Service 
Department  of  Veterans  Affairs 
Environmental  Protection  Agency 
Federal  Emergency  Management  Agency 
General  Services  Administration 
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Federal  Agencies  (continued) 


National  Aeronautics  and  Space  Administration 

National  Archives  and  Records  Administration 

National  Oceanic  and  Atmospheric  Administration 

National  Science  Foundation 

Nuclear  Regulatory  Commission 

Office  of  Management  and  Budget 

President’s  Council  on  Integrity  and  Efficiency 

Securities  and  Exchange  Commission 

Social  Security  Administration 

U.S.  Geological  Survey 

Industry 

American  Computer  & Electronics  Corporation 
Ameritech  Services 
Apple  Computer 
ARINC 

AT&T  Bell  Laboratories 
AT&T  Network  Services 
Baxter  Healthcare  Corporation 
Bell  Atlantic 

Bell  Communications  Research 
Bellcore 

Bell  Northern  INRS,  Montreal.  Canada 
Boeing  Computer  Support  Services.  Inc. 

Bolt.  Beranek  and  Nevmian 
Cascade  Communications 
Cisco 

CLC  Associates 
3COM 
Combinet 
COMSAT 

Connective  Strategies 
Convex 

Digital  Equipment  Corporation 
Digltech  Industries 
Eastman  Kodak  Company 
Electronic  Data  Systems  Corporation 
FastComm  Communications 
FiberCom 

First  Chicago  Corporation 
Fujitsu  Networks  Industry.  Inc. 

General  DataComm.  Inc. 

Hayes  Microcomputer  Products.  Inc. 
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Industry  (continued) 


Hewlett-Packard 
Hughes  Aircraft  Company 
IBM  Corporation 

Idacom  Hewlett-Packard.  Canada 
InteCom,  Inc. 

Intel  Corporation 

ISDN  Systems  Corporation 

MCI 

Mitel  Corporation 

MITRE 

NCR 

NEC  America 
Netrix  Corporation 
Network  Express 
Network  General 
Nortel  Federal  Systems 
Northern  Telecom,  Inc. 

Novell 

NYNEX-Telesector  Resources  Group 
OSI.  Inc. 

Pacific  Bell 
Paramax 
Phased  Networks 
PictureTel 
Proteon 

RACAL  Guardata 
Raynor  Associates.  Inc. 

Retix 

Rockwell  International  Corporation 
Siemens  Stromberg-Carlson 
Southwestern  Bell  Telephone  Company 
Sprint  International 
SRI  International 
StrataCom  Federal  Systems 
Sun  Microsystems 
TASC 

Telebyte  Technology,  Inc. 

Tekelec 

Teleos  Communications,  Inc. 

Trusted  Information  Systems 
UDS  Motorola 
U S WEST 

Vanguard  Research,  Inc. 

Wellfieet 


Academia 


Camegie-Mellon  University 

Centre  de  Recherche  Informatique  de  Montreal  (CRIM),  University  of  Montreal 

Iowa  State  University 

Massachusetts  Institute  of  Technology 

North  Carolina  State  University 

Purdue  University 

University  of  the  District  of  Columbia 
University  of  Maryland 
University  of  Michigan 

University  of  Pennsylvania,  Linguistic  Data  Consortium 
University  of  Toronto 

Other 

Centre  National  de  la  Recherche  Scientifique  (CNRS),  Paris  (French  Government) 
Laboratoire  d’lnformatique  pour  la  Mecanique  et  les  Sciences  de  L’lngenieur 
(LlMSl),  Paris  (French  Government) 
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COOPERATIVE  RESEARCH  & 
DEVELOPMENT  AGREEMENTS  (CRDAs) 


FY  1992 

RESEARCH  PARTNER  PROJECT 


Software  Standards  Validation 

Washington  Software  Technologies.  Inc.  Basic  Test  Suite 


Integrated  Services  Digital  Network  (ISDN) 

American  Computer  & Electronics  North  American  ISDN 

Corporation  Users’  Forum  (NIUF) 


Ameritech  Services  NIUF 

AT&T  NIUF 

Baxter  Healthcare  Corporation  NIUF 

Bell  Atlantic  NIUF 

Bell  Communications  Research  NIUF 

Boeing  Computer  Support  Services,  Inc.  NIUF 

Defense  Information  Systems  Agency  NIUF 

Department  of  Defense  NIUF 

Department  of  the  Navy  NIUF 

Eastman  Kodak  Company  NIUF 

Electronic  Data  Systems  Corporation  NIUF 

First  Chicago  Corporation  NIUF 

Fujitsu  Networks  Industry,  Inc.  NIUF 

General  DataComm,  Inc.  NIUF 

Hayes  Microcomputer  Products.  Inc.  NIUF 

Idacom  Telecommunications  Division, 

Hewlett-Packard  (Canada)  Ltd.  NIUF 

InteCom,  Inc.  NIUF 

IBM  Corporation  NIUF 

Mitel  Corporation  NIUF 

National  Aeronautics  and  Space 
Administration  (NASA)  NIUF 

North  Carolina  State  University  NIUF 

Northern  Telecom,  Inc.  NIUF 

NYNEX  - Telesector  Resources  Group  NIUF 

Pacific  Bell  NIUF 

Raynor  Associates,  Inc.  NIUF 
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RESEARCH  PARTNER 


PROJECT 


Siemens  Stxomberg-Carlson 
Southwestern  Bell  Telephone  Company 
TASC  (The  Analytieal  Seienees  Corp.) 
Telebyte  Technology,  Inc 
Teleos  Communications,  Inc. 

UDS  Motorola 
University  of  Michigan 
U.S.  Air  Force,  Technology 
Integration  Center 
U S WEST 

Vanguard  Research,  Inc. 

COMSAT  Corporation 


Datacom,  Inc. 
Tekelec,  Inc. 


NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

NIUF 

Test  and  Demonstrate 
ISDN  Protocols  and 
Services 
EDI  and  ISDN 
ISDN  and  X-25 
Conformance  Test 
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GUEST  RESEARCHERS  FY  1992 


Guest  Scientists  and  Research  Associates  24 

Organizations  represented  included: 

Armament  Development  Authority.  Rafael,  Israel 
Bellcore,  Livingston.  New  Jersey 

Defense  Information  Systems  Agency,  Arlington.  Virginia 
Imperial  College  of  Science  and  Technology,  United  Kingdom 
Institute  of  Geology.  Beijing,  People’s  Republic  of  China 
Institut  National  Des  Telecommunications,  France 
National  Science  Foundation,  Washington,  D.C. 

Northeast  University  of  Technology,  People’s  Republic  of  China 

Planning  Research  Corporation,  McLean,  Virginia 

Space  Science  and  Technology  Center,  People’s  Republic  of  China 

Sun  Microsystems,  Mountain  View,  California 

Telecommunications  Laboratoiy,  People’s  Republic  of  China 

Telecommunications  Laboratories.  Taiwan 

Telecom,  Paris,  France 

University  of  Twente,  The  Netherlands 

Washington  Software  Technologies  Inc.,  Annandale,  Virginia 


Faculty  Appointments  7 

Loyola  College,  Baltimore,  Maryland 
University  of  Maryland,  College  Park,  Maryland 
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CONFERENCES  AND  WORKSHOPS 


CONFERENCES  AND  WORKSHOPS 

October  1991  - December  1992 

1991 


October  1-4 

North  American  ISDN  Users’  Forum  (NIUF) 

October  1-4 

14th  National  Computer  Security  Conference  {cosponsored  by  the  National 
Computer  Security  Center  [NCSC]) 

October  1 1 

Lecture  Series  on  High  Integrity  Systems 

October  1 1 

Lecture  on  Object-Oriented  Databases 

November  8 

Lecture  Series  on  High  Integrity  Systems 

November  8 

Lecture  Series  on  Hypermedia 

November  12 

Applications  Portability  Profile/Open  System  Environment  (APP/OSE)  Users’ 
Forum 

November  18 

Computer  Security  Awareness  Semiriar 

December  2 

Computer  Security  Day 

December  3 

Lecture  Series  on  High  Integrity  Systems 

December  9-13 

OSI  Implementors’  Workshop  (OIW)  (cosponsored  by  the  Institute  of  Electrical 
and  Electronics  Engineers  [lEEEl  Computer  Society) 

1992 


January  24 

Lecture  Series  on  Hypermedia 

February  14 

Lecture  Series  on  High  Integrity  Systems 

February  18 

Object  Technology  Lecture 

February  18-21 

Spatial  Data  Transfer  Standard  Workshop 

February  25-26 

Federal  Information  Systems  Security  Educators’  Association 

February  25-28 

North  American  Integrated  Services  Digital  Network  (ISDN)  Users’  Forum  (NIUF) 

March  6 

Lecture  Series  on  Hypermedia 

March  9-13 

Orw  (cosponsored  by  IEEE  Computer  Society) 

April  3 

Lecture  Series  on  High  Integrity  Systems 
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April  10 

Lecture  Series  on  Hypermedia 

April  27-29 

CD-ROM  Technical  Conference 

May  1 1 

Object  Technology  Lecture 

May  12-13 

5th  Annual  Data  Administration  Management  Association  (DAMA)  Symposium 

May  14 

APP/OSE  Users'  Forum 

May  15 

Lecture  Series  on  Hypermedia 

May  18 

Lecture  Series  on  High  Integrity  Systems 

May  18-22 

NIST  Integrated  Software  Engineering  Environment  (ISEE)  Users’  Fomm 

May  27-29 

First  Optical  Character  Recognition  (OCR)  Systems  Conference  (cosponsored  by 
Bureau  of  the  Census) 

June  2-5 

NIUF 

June  8-12 

Orw  (cosponsored  by  IEEE  Computer  Society)  (note  name  changes  to  Open  Sys- 
tems Environment  Implementors  Workshop  lOfW]) 

June  15-18 

COMPASS  '92  7th  Annual  Conference  on  Computer  Assurance  (cosponsored  by 
the  IEEE  National  Capital  Area  Council  and  the  IEEE  Aerospace  and  Electron- 
ics Systems  Society) 

June  19 

Software  Producibility  MODIL  Workshop  on  Reuse 

June  23-26 

Department  of  Defense  Electronic  Data  Interchange  Conference  (cosponsored 
by  the  Office  of  the  Asst.  Secretary  of  Defense  Production  and  Logistics) 

August  7 

Software  Producibility  MODIL  Workshop 

September  21-25 

orw  (cosponsored  by  IEEE  Computer  Society) 

September  28 

Software  Producibility  MODIL  Workshop 

October  9 

Lecture  Series  on  High  Integrity  Systems 

October  13-16 

15th  National  Computer  Security  Conference  (cosponsored  by  NCSC) 

October  27-30 

NIUF 

November  4-6 

First  Text  Retrieval  Conference  (TREC)  (cosponsored  by  Defense  Advanced  Re- 
search Project  Agency  [DAPtPA]) 

November  9 

ISEE  Users’  Forum 
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November  lO 

APP/OSE  Users’  Forum 

November  16-20 

Transcontinental  ISDN  Project  ’92  - (cosponsored  by  NIUF  and  Corporation  for 
Open  Systems) 

November  30 

Computer  Security  Day 

December  1 

Lecture  Series  on  High  Integrity  Systems 

December  7 

GOSIP  Procurement  Symposium 

December  10-11 

Workshop  on  High  Integrity  Software 

December  14-18 

Orw  (cosponsored  by  IEEE  Computer  Society) 
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PLANNED  CONFERENCES  AND  WORKSHOPS 


1993 


Februaiy  8-12 

NIUF 

February  17-18 

Federal  Digital  Signature  Applications  Symposium 

February  23-24 

Federal  Information  Systems  Security  Educators’  Association 

Febnjaiy  25 

Lecture  Series  on  High  Integrity  Systems 

March  8-12 

OIW  (cosponsored  by  IEEE  Computer  Society) 

May  1 1-12 

6th  Annual  DAMA  Symposium 

May  25-26 

APP/OSE  Users’  Forum 

June  7-11 

OrW  (cosponsored  by  IEEE  Computer  Society) 

June  14-17 

COMPASS  ’93,  8th  Annual  Conference  on  Computer  Assurance  (cosponsored 
by  the  IEEE  National  Capital  Area  Council  and  the  IEEE  Aerospace  and  Elec- 
tronics Systems  Society) 

June  21-25 

NIUF 

August  30 

Text  Retrieval  Conference  (TREC) 

September  13-17 

Orw  (cosponsored  by  IEEE  Computer  Society) 

September  20-24 

16th  National  Computer  Security  Conference  (cosponsored  by  NCSC) 

October  18-22 

NIUF 

November  17-18 

APP/OSE  Users’  Forum 

December  6-10 

(OrW)  (cosponsored  by  IEEE  Computer  Society) 
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TALKS 

During  the  past  year,  CSL  staff  members  presented  papers  and  gave  talks  to  a 
large  number  of  external  organizations,  including  the  following: 

Air  Force  Cryptologic  Support  Center 

American  Bar  Association 

American  National  Standards  Institute  (ANSI) 

American  Society  for  Industrial  Security 

Americas  Telecommunications  Standards  Symposium 

Anti-Virus  Product  Developers’  Conference 

Applications  Portability  Profile/Open  Systems  Environment  (APP/OSE)  Users' 
Forums 

Armed  Forces  Communication  and  Electronics  Association  (AFCEA) 
Association  for  Computing  Machinery  (ACM) 

Association  for  Federal  Information  Resources  Management  (AFFIRM) 

AT&T  Bell  Laboratories 

Bell  Atlantic 
Bureau  of  Census 

CALS/CE  Expo  ’92  Industry  Steering  Group 
Canadian  Communications  Security  Establishment 
Camegie-Mellon  University 
Carnegie  Institute  of  Washington 

COMPASS  ’92  Annual  Conference  on  Computer  Assurance 
Computer-aided  Acquisition  and  Logistic  Support  (CALS)  EXPO  ’92 
Computer  Security  Institute 
Computer  Integrated  Manufacturing  Conference 
Corporation  for  Open  Systems 

Data  Administration  Management  Association  (DAMA) 

Data  Interchange  Standards  Association 

Data  Processing  Management  Association 

Defense  Advanced  Research  Project  Agency  (DARPA) 

Delft  University,  Delft,  The  Netherlands 
Department  of  Commerce  (DoC) 

Department  of  Defense 

Department  of  Energy 

Department  of  Justice 

Department  of  Veterans  Affairs 

DoC  Telecommunications  Coordinating  Committee 

DoD  Information  Management  Directorate  Computer  Security  Conference  ’92 
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Eastman  Kodak 

EDI  and  Government  Computer  News  Conference 
Electronic  Data  Interchange  National  Conference 
Enterprise  Networking  Event  '92 
Environmental  Protection  Agency 
European  ISDN  Users’  Forum 

Federal  Bureau  of  Investigation 

Federal  Computer  Security  Program  Managers’  Forum 
Federation  of  Government  Information  Processing  Councils 
Fingerprint  Image  Analysis  Workshop 
Fourth  Workshop  on  Computer  Security  Incident  Handling 
FTS  2000  Interagency  Management  Council 

George  Washington  University 

Geographic  Information  & Spatial  Data  Exposition  (GISDEX) 

GOSIP  Security  Profiles,  Interop  92  Conference 
Government  Users’  ISDN  Security  Conference 

Hewlett-Packard 

Honeywell  Federal  Systems  Division 

Information  Systems  Security  Association  (ISSA)  ’92 
INFORUM 

Independent  Telephone  Pioneers  Association 
Institute  for  Supercomputing  Research  of  Japan 
Institute  of  Electrical  and  Electronics  Engineers  (IEEE) 

Institute  of  Engineers,  Australia  Conference 

Institut  National  de  Telecommunications,  Evry,  France 

Interagency  Working  Group  on  Management  of  Data  for  Global  Change 

Internal  Revenue  Service 

International  Conference  on  R&D  in  Information  Retrieval 
International  Data  Administration  Symposium 
International  Joint  Conference  on  Neural  Networks  ’92 
International  Neural  Network  Society 

International  Workshop  on  Harmonizing  Conformance  Testing  of  Programming 
Languages,  Milano,  Italy 
INTEROP  ’92,  Washington,  DC 

International  Conference  on  the  Applications  of  Standards  for  Open  Systems, 
Paris,  France 

Johns  Hopkins  University 

Library  of  Congress,  Washington,  DC 

MITRE  Corporation 
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National  Aeronautics  and  Space  Administration 
National  Archives  and  Records  Administration 
National  Association  of  State  Election  Directors 
National  Communications  Forum.  Chicago 
National  Computer  Graphics  Association 
National  Computer  Security  Center 
National  Computer  Security  Conferences 
National  Contract  Management  Association 
National  Endowment  for  the  Humanities 
National  Science  Foundation 
National  Security  Agency 
National  Security  Industrial  Association 
Naval  Surface  Warfare  Center 
Network  Security  Information  Exchange 

North  American  Integrated  Services  Digital  Network  Users’  Forum  (NIUF) 

Northern  Telecom 

Nuclear  Regulatory  Commission 

Office  of  Management  and  Budget 
Ohio  Supercomputing  Research  Center 
Oklahoma  Gas  and  Electric  Company 
Open  Software  Foundation 

Open  System  Environment  (OSE)  Implementors  Workshop  (OfW) 
Overseas  Security  Advisory  Council 

Presidential  Council  on  Integrity  and  Efficiency 

Quality  Assurance  Institute 

Royal  School  of  Librarianship,  Copenhagen.  Denmark 

Second  National  Conference  on  Optical  Storage  Laws  and  Regulations 

SecuiTech  ’92  Conference 

Securities  and  Exchange  Commission 

Smithsonian  Seminar  on  Scientific  Imaging 

Society  of  Manufacturing  Engineers 

Software  AG  Federal  Industry  Group 

Software  Engineering  Institute 

Software  Engineering  & Its  Applications.  Toulouse  ’92 
Standards  for  Computer  Integrated  Manufacturing  Conference 
Sun  Microsystems 

Symposium  on  High-Speed  Telecommunications  and  Integrated 
Hospital  Imagery 
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Tenth  International  IFIP  WG6. 1 Symposium  on  Protocol  Specifications,  Testing, 
and  Verification 

Third  Annual  Workshop  on  Very  High  Speed  Networks 
TRIP  ’92  Washington  Event 
Trusted  Information  Systems 

Unigraphics  Users  Group 
University  of  Arizona 

University  International  Processing,  Zurich,  Switzerland 
University  of  Maryland 
UNIX  International 

URISA  Urban  & Regional  Information  Systems  Association 
U.S.  Army  Computer  Vulnerability/Survivability  Study  Team 
USDA  Information  Resource  Management  Conference 

X/OPEN 
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ELECTRONIC  BULLETIN  BOARDS 


CSL  operates  three  electronic  bulletin  boards  for  information  exchange: 


Information  about  computer  security 
9600  baud  only 


(301)  948-5717 
(301)  948-5140 


Information  about  data  management 
activities  and  applications 


(301)  948-2048 
and  948-2059 


Information  about  the  North  American  (301)  869-7281 

Integrated  Services  Digital  Network 
(ISDN)  Users’  Forum  (NIUF) 


Users  can  reach  the  bulletin  boards  by  dialing  the  numbers  listed  above. 
Terminals  should  have  the  following  capabilities: 

ASCII,  300,  1200,  or  2400  baud  (9600  baud  available  for  computer  security 
bulletin  board  only),  8 bits  with  no  parity  or  7 bits  with  even  parity,  1 stop  bit. 

If  a connection  is  not  established  at  the  end  of  two  rings  or  if  the  line  is  busy, 
hang  up  and  try  again. 

After  CONNECT,  strike  the  carriage  return  twice  and  the  system  AviU  be 
accessed.  The  system  will  now  guide  you  through  the  buUetin  board  by  asking 
key  questions  and  providing  helpful  menus. 
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ACCESSING  INFORMATION  ON 
VALIDATED  PRODUCTS 


CSL  publishes  a Validated  Products  List  (VPL).  a collection  of  registers  describ- 
ing implementations  of  Federal  Information  Processing  Standards  (FIPS)  that 
have  been  validated  for  conformance  to  FIPS.  Updated  quarterly,  the  list  also 
contains  information  about  the  organizations,  test  methods,  and  procedures 
that  support  the  validation  programs. 

The  VPL  contains  conformance  testing  information  for  the  following  informabon 
technology  standards:  Programming  Languages  COBOL.  Fortran.  Ada.  Pascal. 
C.  and  MUMPS:  Database  Language  SQL;  Graphics:  GOSIP:  POSIX:  and  Com- 
puter Security.  Entries  in  the  printed  VPL  are  contained  in  WordPerfect. 

Version  5.1  files. 

To  access  the  VPL  via  the  Internet: 

Type:  ftp  speckle.ncsLnist.gov  (internet  address  is  129.6.59.2) 

Login  as  user  ftp 

Type  your  e-mail  address  as  the  password 
Type:  cd  pub/vpl 
Type:  binary 
Type:  dir 
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USER  GROUPS  SPONSORED  BY  CSL 


The  Open  System  Environment  (OSE)  Implementors’  Workshop  (OIW)  meets 
four  times  a year  to  discuss  detailed  implementation  specifications  for  OSE 
standards. 


CONTACT:  Tim  Boland 

B-217  Technology  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg,  MD  20899 

Telephone:  (301)  975-3608 


The  joint  ISDN  Users’  Workshop  and  ISDN  Implementors’  Workshop  of  the 
North  American  ISDN  Users’  Forum  (NIUF)  meets  three  times  a year  to 
address  application  requirements  and  to  develop  application  profiles  for  ISDN 
products  and  services. 

CONTACT:  Dawn  Hoffman 

B-364  Materials  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg.  MD  20899 

Telephone:  (301)  975-2937 


The  Applications  Portability  Profile/Open  System  Environment  (APP/OSE) 
Users’  Forum  meets  twice  a year  to  identify  federal  requirements  and  to  dis- 
cuss the  development  of  an  architectural  approach  to  applications  portability 
in  an  open  system  environment. 

CONTACT:  Joe  Hungate 

B-266  Technology  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg.  MD  20899 

Telephone:  (301)  975-3368 


FIPS  PUBLICATIONS  LIST 
BY  FIPS  NUMBER 

1992  December 


FIPS  NO. 

CATEGORY 

TITLE-DATE 

0 

(DP 

General  Description  of  FIPS  Register 

68  Nov  01 

1-2 

(2&3)S 

Code  for  Information  Interchange,  Its 
Representations,  Subsets,  and  Extension 
(ANSI  X3.4-1977.  X3.32-1973.  X3.41-1974) 
84  Nov  14 

CHANGE  NOTICES 


2-1 

(2)S 

Perforated  Tape  Code  for  Information  Interchange 
(ANSI  X3.6-1965/R1965/R1983  & R1991) 

84  Nov  14 

3-1 

WITHDRAWN 

4-1 

(4)S 

Representation  for  Calendar  Date  and  Ordinal  Date 
for  Information  Interchange  (ANSI  X3.30-1985/R1991) 
88  Jan  27 

1 


5- 2  (4)S  Codes  for  the  Identification  of  the  States,  the 

District  of  Columbia  and  the  Outlying  Areas  of  the 
United  States,  and  Associated  Areas 
87  May  28 

6- 4  (4)S  Counties  and  Equivalent  Entities  of  the  United  States, 

Its  Possessions,  and  Associated  Areas 
90  Aug  31 


1 


1 


7 


WITHDRAWN 


1 


8- 5  (4)S  Metropolitan  Statistical  Areas  (MSAs) 

(Including  CMSAs,  PMSAs.  and  NECMAs) 

84  Oct  31  6 

9-  1 (4)S  Congressional  Districts  of  the  U.S. 

90  Nov  30 


*,^proved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


77 


FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

10-3 

(4)S 

Countries,  Dependencies,  Areas  of  Special 

Sovereignty,  and  their  Principal  Admin.  Divs. 

84  Feb  09 

13 

11-3 

(3)G 

Guideline:  American  National  Dictionary  for 

Inform.  Systems  (ANSI  X3. 172- 1990) 

91  Feb  01 

12-2 

WITHDRAWN 

1 

13 

(2)S 

Rectangular  Holes  in  Twelve-Row  Punched  Cards 
(ANSI  X3.21-1967/R1980  & R1991) 

71  Oct  01 

14-1 

(2)S 

Hollerith  Punched  Card  Code  (ANSI  X3.26-1980/R1991) 

80  Dec  24 

15 

WITHDRAWN 

1 

16-1 

(7)S 

Bit  Sequencing  of  Code  for  Information  Interchange 
in  Serial-By-Bit  Data  Transmission 
(ANSI  X3.15-1976/R1983  & R1990) 

77  Sept  01 

1 

17-1 

(7)S 

Character  Structure  and  Char.  Parity  Sense  for  Serial-By-Bit  Data  Communica- 
tion in  the  Code  for  Inform.  Interchg.  (ANSI  X3.16-1976/R1983  & R1990) 

77  Sept  01 

18-1 

(6)S 

WITHDRAWN 

1 

*19-2 

(4)G 

Catalog  of  Widely  Used  Code  Sets 

92  July  01 

20 

WITHDRAWN 

1 

21-3 

(3)S 

COBOL  (ANSI  X3.23-1985  & X3.23A-1989) 

90  Jan  12 

2 

* Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


78 


FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

22-1  (7)S 

Synchronous  Signaling  Rates  Between  Data  Terminal 
and  Data  Communication  Equip.  (ANSI  X3. 1-1976) 

77  Sept  01 

23 

WITHDRAWN  1 

24 

WITHDRAWN  1 

25 

WITHDRAWN  1 

26  (2)S 

One-Inch  Perforated  Paper  Tape  for  Information  Interchange 
(ANSI  X3.18-1967/R1974.  R1982.  & R1990) 

73  June  30 

27  (2)S 

Take-Up  Reels  for  One-Inch  Perforated  Tape  for  Information 

Interchg.  (ANSI  X3.20-1967/R1982  & R1990) 

73  June  3 

28 

WITHDRAWN  2 

*29-3  (1&3)P 

Interpretation  Procedures  for  Federal  Information 

Processing  Standards  for  Software 

92  Oct  29 

30  (3)S 

Software  Summary  for  Describing  Computer 

Programs  and  Automated  Data  Systems 

74  June  30 

31  (5)G 

Guidelines  for  Automatic  Data  Processing 

Physical  Security  and  Risk  Management 

74  June 

32-1  (2)S 

Character  Sets  for  Optical  Char.  Recognition  (OCR) 

(ANSI  X3.2-1970/R1976.  X3.17-1981/R1989. 

X3.49-1975/R1982  & R1989) 

82  June  25 

33-1  (2)S 

Character  Set  for  Handprinting  (ANSI  X.3.45-1982/R1989) 

84  Nov  05 

*^proved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


79 


FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

CO 

Guide  for  the  Use  of  International  System  of  Units  (SI) 
in  Federal  Information  Processing  Standards  Publications 

75  Jan  01 

35 

WITHDRAWN  1 

36 

WITHDItAWN  1 

37 

WITHDRAWN  1 

38  (3)G 

Guidelines  for  Documentation  of  Computer 

Programs  and  Automated  Data  Systems 

76  Feb  15 

39  (5)G 

Glossary  for  Computer  Systems  Security 

76  Feb  15 

40  (2)G 

Guideline  for  Optical  Character  Recognition  Forms 

76  May  01 

41  {5)G 

Computer  Security  Guidelines  for 

Implementing  the  Privacy  Act  of  1974 

75  May  30 

O 

CD 

1 

(N 

Guidelines  for  Benchmarking  ADP  Systems 
in  the  Competitive  Procurement  Environment 

77  May  15 

43 

WITHDRAWN  1 

44 

WITHDRAWN  1 

45  (4)G 

Guide  for  the  Development,  Implementation  & 

Maintenance  of  Standards  for  the  Representation 
of  Computer  Processed  Data  Elements 

76  Sept  30 

46-1  (5)S 

Data  Encryption  Standard 

88  Jan  22 

*Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 


S-Standard  G-Guideline  P-Progreim  Information  Document  T-Conformance  Tests 


FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

47 

WITHDRAWN  1 

48  (5)G 

Guidelines  on  Evaluation  ofTeehniques  for 

Automated  Personal  Identification 

77  Apr  01 

49  (6)G 

Guideline  on  Computer  Performance  Management: 

An  Introduction 

77  May  01 

50 

WITHDRAWN  1 

51 

WITHDRAWN  1 

52 

WITHDRAWN  1 

53  (3)S 

Transmittal  Form  for  Describing  Computer 

Magnetic  Tape  File  Properties 

78  Apr  01 

54-1  (2)S 

Computer  Output  Microform  (COM)  Formats 
and  Reduction  Ratios,  16  mm  and  105  mm 
(ANSI/AIIM  MS5-1991  & MS  14- 1988) 

91  Jan  15 

55  DC-4  (4)G 

Guideline:  Codes  for  Named  Populated  Places 

Primary  County  Divisions,  and  Other  Locational 

Entities  of  the  United  States  and  Outlying  Areas 

87  Jan  16  1 

55-2  (4)G 

Same  as  55DC  expect  without  codes 

87  Feb  03  1 

56  (6)G 

Guideline  for  Managing  Multivendor 

Plug-Compatible  ADP  Systems 

78  Sept  15 

*Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


81 


FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

57  (6)G 

Guidelines  for  the  Measurement  of  Interactive  Computer 

Service  Resp>onse  Time  and  Turnaround  Time 

78  Aug  01 

58-1  (4)S 

Representations  of  Local  Time  of  the  Day  for 

Information  Interchange  (ANSI  X3.43-1986) 

88  Jan  27 

59  (4)S 

Representations  of  Universal  Time,  Local  Time 

Differentials,  and  United  States  Time  Zone  References 
for  Information  Interchange  (ANSI  X3. 51-1975) 

79  Feb  01 

60-2 

WITHDRAWN  3 

61-1 

WITHDRAWN  2 

62 

WITHDRAWN  3 

63-1 

WITHDRAWN  2 

63-1 

SUPPLEMENT 

Additional  Operational  Specs  for  VBRMSS  2 

64  (3)G 

Guidelines  for  Documentation  of  Computer  Programs 
cuid  Automated  Data  Systems  for  the  Initiation  Phase 

79  Aug  01 

65  (5)G 

Guideline  for  Automatic  Data  Processing  Risk  Analysis 

79  Aug  01 

66  (4)S 

Standard  Industrial  Classification  (SIC)  Codes 

79  Aug  15 

67  {2)G 

Guideline  for  Selection  of  Data  Entry  Equipment 

79  Sept  30 

68-2  (3)S 

BASIC  (ANSI  X3.1 13-1987) 

87  Aug  28 

*Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standcirds/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 


S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

69-1 

(3)S 

FORTRAN  (ANSI  X3.9-1978/R1989) 

85  Dec  24 

70-1 

(4)S 

Representation  of  Geographic  Point  Locations 
for  Information  Interchange  (ANSI  X3.61-1986) 

86  Nov  14 

71 

(7)S 

Advanced  Data  Communications  Control  Procedures 
(ADCCP)  (ANSI  X3.66-1979/R1 990) 

80  May  14 

1 

72 

(6)G 

Guidelines  for  Measurement  of  Remote  Batch 

Computer  Service 

80  May  01 

73 

(5)G 

Guidelines  for  Security  of  Computer  Applications 

80  June  30 

74 

(5)G 

Guidelines  for  Implementing  and  Using 
the  NBS  Data  Encryption  Standard 

81  Apr  01 

75 

{6)G 

Guideline  on  Constructing  Benchmarks 
for  ADP  System  Acquisitions 

80  Sept  18 

76 

(3)G 

Guideline  for  Planning  and  Using  a 

Data  Dictionary  System 

80  Aug  20 

77 

(3)G 

Guideline  for  Planning  and  Management 
of  Database  Applications 

80  Sept  01 

78 

(7)G 

Guideline  for  Implementing  Advanced  Data 
Communication  Control  Procedures  (ADCCP) 

80  Sept  26 

79 

WITHDRAWN 

1 

* Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


83 


FIPS  NO. 

CATEGORY 

TITLE- DATE 

CHANGE  NOTICES 

80 

WITHDRAWN 

1 

81 

(5)S 

DES  Modes  of  Operation 

80  Dec  02 

1 

82 

(2)G 

Guideline  for  Inspection  and  Quality  Control 
for  Alphanumeric  Computer-Output  Microforms 
(ANSI/AllM  MSI- 1980) 

80  Sept  26 

83 

(5)G 

Guideline  on  User  Authentication  Techniques 
for  Computer  Network  Access  Control 

80  Sept  29 

84 

(2)S 

Microfilm  Readers  (ANSl/AlIM  (NMA)  MS20-1979) 

80  Oct  31 

85 

(2)S 

Optical  Character  Recognition  (OCR)  Inks 
(ANSI  X3.86-1980/R1987) 

80  Nov  07 

86 

(2)S 

Additional  Controls  for  Use  with  Amer.  Natl.  Std.  Code 
for  Inform.  Interchg.  (ANSI  X3.64-1979/R1990) 

81  Jan  29 

2 

87 

(5)G 

Guidelines  for  ADP  Contingency  Planning 

81  Mar  27 

88 

(3)G 

Guideline  on  Integrity  Assurance  and  Control 
in  Database  Administration 

81  Aug  14 

89 

(2)S 

Optical  Character  Recognition  (OCR)  Character 
Positioning  (ANSI  X3.93M-1981/R1989) 

8 1 Sept  04 

90 

(2)G 

Guideline  for  Optical  Character  Recognition  (OCR) 

Print  Quality  (ANSI  X3.99/R1991) 

83  Sept  29 

•Approved  in 

1992 

Category  Key:  (1)  General  Publieations  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards /guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


FIPS  NO.  CATEGORY  TITLE-DATE  CHANGE  NOTICES 


91 

WITHDRAWN  1 

92  (4)G 

Guideline  for  Standard  Oecupational  Classifieation 
(SOC)  Codes 

83  Feb  24 

93 

WITHDRAWN  1 

94  {2)G 

Guideline  on  Eleetrieal  Power  for  ADP  Installations 

83  Sept  21 

95  (4)S 

Codes  for  the  Identifieation  of  Federal 
and  Federal  Assisted  Organizations 

82  Dec  23  24 

96  (6)G 

Guideline  for  Developing  and  Implementing  a 

Charging  System  for  Data  Processing  Services 

82  Dec  06 

97 

WITHDRAWN  2 

98 

WITHDRAWN  2 

99  (3)G 

Guideline:  A Framework  for  the  Evaluation  and 

Comparison  of  Software  Development  Tools 

83  Mar  31 

i-H 

6 

o 

Interface  Between  Data  Terminal  Equipment  (DTE)  and 

Data  Circuit-Terminating  Equipment  (DCE)  for  Operation 
with  Packet-Switched  Data  Networks  (PSDN),  or  Between 

Two  DTEs,  by  Dedicated  Circuit  (ANSI  X3. 100- 1989) 

91  Mar  20 

101  (3)G 

Guideline  for  Lifecycle  Validation.  Verification, 
and  Testing  of  Computer  Software 

83  June  06 

*.^proved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Stcindards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


85 


FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

102  (5)G 

Guideline  for  Computer  Security 

Certification  and  Accreditation 

83  Sept  27 

103  (4)S 

Codes  for  the  Identification  of  Hydrologic  Units  in  the 

United  States  and  the  Caribbean  Outlying  Areas 
(USGS/CIRCULAR  #878-A  & ANSI  X3. 145-1986) 

83  Nov  15  1 

104-1  (4)S 

ANS  Codes  for  the  Representation  of  Names  of 

Countries,  Dependencies,  and  Areas  of  Special 

Sovereignty  for  Information  Interchange 

86  May  12  1 

105  (3)G 

Guideline  for  Software  Documentation  Management 

84  June  06 

106  (3)G 

Guideline  on  Software  Maintenance 

84  June  15 

107  (2&3)S 

Local  Area  Networks:  Baseband  Carrier  Sense 

Multiple  Access  with  Collision  Detection  Access 

Method  and  Physical  Layer  Specifications  and 

Link  Layer  Protocol  (ANSI/IEEE  802.2  & 802.3) 

84  Oct  31 

108  (2)S 

Alphanumeric  Computer  Output  Microform 

Quality  Test  Slide  (AIIM  MS28-1983) 

84  Nov  05 

109  (3)S 

Pascal  (ANSI/IEEE  770X3.97- 1983/R1990) 

85  Jan  16 

1 10  (3)G 

Guideline  for  Choosing  a Data  Management  Approach 

84  Dec  1 1 

111 

WITHDRAWN  2 

* Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformemce  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 


86 


FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

112 

(5)S 

Password  Usage 

85  May  30 

113 

(5)S 

Computer  Data  Authentication 

85  May  30 

114 

WITHDRAWN 

1 

115 

WITHDRAWN 

1 

116 

WITHDRAWN 

1 

117 

WITHDRAWN 

1 

118 

WITHDRAWN 

1 

119 

(3)S 

Ada  (ANSI/MIL-STD- 181 5A- 1983) 

85  Nov  08 

1 

120-1 

(3)S 

Graphical  Kernel  System  (GKS)  (ANSI  X3. 124- 1985, 

X3. 124. 1-1985,  X3. 124.2-1988,  X3. 124.3- 1989) 

91  Jan  08 

121 

(2&3)S 

Videotext/Teletext  Presentation  Level 

Protocol  Syntax  (North  American  PLPS) 

(ANSI  X3.1 10-1983(R1991)/CS  T500-1983) 

86  May  06 

122 

(8)T 

Conformance  Tests  for  FIPS  PUB  100  Version  of 

CCITT  1980  Recommendation  X.25,  etc. 

86  May  28 

123 

(3)S 

Specification  for  a Data  Descriptive  File  for  Information 
Interchange  (DDF)  (ANSI/ISO  821 1-1985/R1992) 

86  Sept  19 

124 

(3)G 

Guideline  on  Functional  Specifications  for 

Database  Management  Systems 

86  Sept  30 

*^proved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
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87 


FIPS  NO.  CATEGORY 


TITLE-DATE 


CHANGE  NOTICES 


125 

126 

127-1 

128 

129 

130 

131 

132 

133 
134-1 

135 

136 

137 

138 


(3)S  MUMPS  (ANSI/MDC  XI  1.1-1984) 

86  Nov  04 

(3)S  Database  Language  NDL  (ANSI  X3. 133- 1986) 

87  Mar  10 

(3)S  Database  Language  SQL  (ANSI  X3. 135-1989  & X3. 168-1989) 

90  Feb  02 

(3)S  Computer  Graphics  Metafile  (CGM)  (ANSI  X3. 122- 1986) 

87  Mar  16 

(2) S  Optical  Character  Recognition  (OCR)  - Dot  Matrix 

Character  Sets  for  OCR-MA  (ANSI  X3. 1 1 1 - 1 986) 

87  May  06 

WITHDRAWN  2 

WITHDRAWN  2 

(3) G  Guideline  for  Software  Verification  and 

Validation  Plans  (ANSI/IEEE  1012-1986) 


87  Nov  19 

WITHDRAWN  1 

WITHDRAWN  1 

WITHDRAWN  1 

WITHDRAWN  1 


(7)S  Analog  to  Digital  Conversion  of  Voice  by 

2,400  Bit/Second  Linear  Predictive  Coding 
84  Nov  28 

(7)S  Electrical  Characteristics  of  Balanced 
Voltage  Digital  Interface  Circuits 
75  Sept  24 


* Approved  in  1992 

Category  Key:  (1)  Genera'  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
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88 


FIPS  NO. 

CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

139 

(7)S 

Interoperability  and  Security  Requirements  for 

Use  of  the  Data  Encryption  Standard  in  the 

Physical  Layer  of  Data  Communications 

83  Aug  03 

140 

(7)S 

General  Security  Requirements  for  Equipment 

Using  the  Data  Encryption  Standard 

82  Apr  14 

141 

(7)S 

Interoperability  and  Security  Requirements  for 

Use  of  the  Data  Encryption  Standard  with 

CCITT  Group  3 Facsimile  Equipment 

85  Apr  04 

142 

(7)S 

Electrical  Characteristics  of  Unbalanced 

Voltage  Digital  Interface  Circuits 

80  Jan  31 

143 

(7)S 

General  Purpose  37-Position  and  9-Position  Interface 

Between  Data  Terminal  Equipment  and  Data 

Circuit-Terminating  Equipment  (ELA-RS-449) 

85  June  10 

144 

(7)S 

Data  Communication  Systems  and  Services  User-Oriented 
Performance  Parameters  (ANSI  X3.102-1983/R1990) 

85  May  28 

145 

WITHDRAWN 

1 

146-1 

(2&3)S 

Government  Open  Systems  Interconnection  Profile  (GOSIP) 

91  Apr  03 

1 

147 

(7)S 

Group  3 Facsimile  Apparatus  for  Document  Transmission 

81  Aug  19 

148 

(7)S 

Procedures  for  Document  Facsimile  Transmission  (EIA-RS-466) 

82  Apr  14 

* Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
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FIPS  NO. 

149 

150 

151-1 

152 

153 

154 

155 

156 

157 

158 


CATEGORY 

(7)S 

(7)S 

(3)S 

(3)S 

(3)S 

(7)S 

(7)S 

(3)S 

(2)G 

{3)S 


TITLE-DATE  CHANGE  NOTICES 

General  Aspects  of  Group  4 Facsimile  Apparatus  (ELA- 536- 1988) 

88  Nov  04 

Facsimile  Coding  Schemes  and  Coding  Control  Functions 
for  Group  4 Facsimile  Apparatus  (EIA-538-1988) 

88  Nov  04 

POSDC:  Portable  Operating  System  Interface  for 
Computer  Environments  (IEEE  1003.1-1988) 

90  Mar  28 

Standard  Generalized  Markup  Language  (SGML) 

(ISO  8879-1986) 

88  Sept  26 

Programmer’s  Hierarchical  Interactive  Graphics  System 
(ANSI/ISO  9592.1,2.3-1989  & ANSI/ISO  9593.1  & 3-1990) 

88  Oct  14 

High  Speed  25-Position  Interface  for  Data  Terminal  Equipment 
and  Data  Circuit-Terminating  Equipment  (EIA-530-1987) 

88  Nov  04 

Data  Communication  Systems  and  Services  User-Oriented 
Performance  Measurement  Methods  (ANSI  X3. 141-1987) 

88  Nov  04 

Information  Resource  Dictionary  System  (IRDS) 

(ANSI  X3. 138- 1988) 

89  Apr  05 

Guideline  for  Quality  Control  of  Image  Scanners 
(ANSI/AIIM  MS44-1988) 

89  Sept  13 

The  User  Interface  Component  of  the  Applications 
Portability  Profile  (MIT  X Version  1 1,  Release  3) 

90  May  29 


*Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security  Standards/guidelines  (6) 
ADP  Operations  Standards/guidelines  (7)  Computer-Related  Telecommunications  Standards  (8) 
Conformemce  Tests 
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FIPS  NO.  CATEGORY 

TITLE-DATE  CHANGE  NOTICES 

159  (7)S 

Detail  Specification  for  62.5um  Core  Diameter/ 125-um 

Cladding  Diameter  Class  la  Multimode,  Graded-Index 

Optical  Waveguide  Fibers  (ANS1/E1A/TIA-492AAAA-1989) 

90  Dec  27 

160  (3)S 

C (ANSI  X3. 159- 1989) 

91  Mar  13 

161  (3)S 

Electronic  Data  Interchange  (EDI) 

91  Mar  29 

•162  (7)S 

1,200  Bits  Per  Second  Two-wire  Duplex  Modems  for 

Data  Communications  Use  on  Telephone-Type  Circuits 

92  Apr  02 

(Supersedes  FIPS  PUB  136/Former  Federal  Standard  1008) 

•163  (7)S 

2,400  Bits  Per  Second  Two-Wire  Duplex  Modems  for 

Data  Communications  Use  on  Telephone-Type  Circuits 

92  Apr  02 

(Supersedes  FIPS  PUB  133/Former  Federal  Standard  1005A) 

•164  (7)S 

2,400  Bits  Per  Second  Four- Wire  Duplex  and 

Two-Wire  Half-Duplex  Modems  for  Data 

Communications  Use  on  Telephone-Type  Circuits 

92  Apr  02 

(Supersedes  FIPS  PUB  133/Former  Federal  Standard  1005A) 

•165  {7)S 

4,800  Bits  Per  Second  Four-Wire  Duplex  and 

Two-Wire  Half-Duplex  Modems  for  Data 

Communications  Use  on  Telephone-Type  Circuits 

92  Apr  02 

(Supersedes  FIPS  PUB  134-1/Former  Federal  Standard  1006A) 

•166  (7)S 

4,800  and  9,600  Bits  Per  Second  Two-wire  Duplex  Modems 
for  Data  Communications  Use  on  Telephone-Type  Circuits 

92  Apr  02 

(Supersedes  FIPS  PUB  134-1 /Former  Federal  Standard  1006A) 

*Approved  in  1992 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
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FIPS  NO. 
•167 

•168 

•169 

*170 

•171 

*172 

•173 

*174 

*175 

*176 


CATEGORY 

(7)S 


(7)S 

(7)S 

(7)S 

(5)S 

(3)S 

(3)S 

(7)S 

(7)S 

(7)S 


TITLE-DATE  CHANGE  NOTICES 

9,600  Bits  Per  Second  Four-Wire  Duplex  Modems  for 
Data  Communications  Use  on  Telephone-Type  Circuits 
92  Apr  02 

(Supersedes  FIPS  PUB  135/Former  Federal  Standard  1007) 

12,000  and  14,400  Bits  Per  Second  Four-Wire  Duplex  Modems 
for  Data  Communications  Use  on  Telephone-Type  Circuits 
92  Apr  02 

Error  Correction  in  Modems  Employing 
Asynchronous-To-Synchronous  Conversion 
92  Apr  02 

Data  Compression  in  Modems  Employing  CCITT 
Recommendation  V.42  Error  Correction 
92  Apr  02 

Key  Management  Using  ANSI  X9.17  (ANSI  X9. 17-1985) 

92  Apr  27 

VHSIC  Hardware  Description  Language  (VHDL) 

(ANSI/IEEE  1076-1987) 

92  June  29 

Spatial  Data  Transfer  Standard  (SDTS)  (DOI/USGS  Specs.) 

92  August  28 

Federal  Building  Telecommunications  Wiring  Standard 
(ANSI/EIA/TIA-568- 1991) 

92  August  2 1 

Federal  Building  Standard  for  Telecommunications 
Pathways  and  Spaces  (ANSI/EIA/TLA-569-1990) 

92  Aug  21 

Residential  and  Light  Commercial  Telecommunications 
Wiring  Standard  (ANSI /EIA/TIA-570- 1991) 

92  Aug  21 


•Approved  in  1992 
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FIPS  NO.  CATEGORY  TITLE-DATE 


CHANGE  NOTICES 


•177 


•178 


•179 


(3)S  Initial  Graphics  Exchange  Specification  (IGES) 

(ASME/ANSI  Y14.26M-1989) 

92  Nov  30 

(7)S  Video  Teleconferencing  Services  at  56  to  1,920  kb/s 

(CCnr  Series  H Recommendations  H.22 1:230:242:26 1:320  - 1990) 
92  Dec  2 1 

(2&3)S  Government  Network  Management  Profile  (GNMP) 

92  Dec  14 
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